Description:
OpenSSL has released 1.1.1q and 3.0.5 to fix the vulnerabilities in various versions of OpenSSL. The details of the security update can be found at:
https://www.openssl.org/news/secadv/20220705.txt
Affected Systems:
- OpenSSL versions 1.1.1, 3.0 and 3.0.4
Impact:
Successful exploitation could lead to remote code execution or information disclosure on an affected system.
Recommendation:
Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.openssl.org/news/secadv/20220705.txt
- https://www.cisa.gov/uscert/ncas/current-activity/2022/07/06/openssl-releases-security-update
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
