Security Alert (A23-02-10): Multiple Vulnerabilities in OpenSSL


 

Published on: 10 February 2023

Description:

OpenSSL has released 1.1.1t and 3.0.8 to fix the vulnerabilities in various versions of OpenSSL. The details of the security update can be found at:
https://www.openssl.org/news/secadv/20230207.txt

 

Affected Systems:

  • OpenSSL versions 1.0.2, 1.1.1 and 3.0.0 to 3.0.7

Please note that OpenSSL version 1.0.2 has reached End-Of-Life (EOL).  No security updates will be provided.  Users should arrange upgrading to supported versions or migrating to other supported technology.

 

Impact:

Successful exploitation could lead to denial of service, information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.openssl.org/news/secadv/20230207.txt
  • https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities_20230209
  • https://www.cisa.gov/uscert/ncas/current-activity/2023/02/09/openssl-releases-security-advisory
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215 (To CVE-2023-0217)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401


Tag: OpenSSL
Tags