- Last week, the OpenSSL Project has announced a critical vulnerability and an upcoming fix for the open-source software library.
- Now, the 3.0.7 version of OpenSSL is released to fix this vulnerability; officials urge users to immediately update their OpenSSL instances.
- The vulnerability is said to be affecting only version 3.x series; however, the full details are not disclosed yet to give time people to patch their systems.
OpenSSL, the software library that ensures security in network communications currently has a critical vulnerability; as we mentioned last week it will be fixed with the 3.0.7 version. There were no details provided in the OpenSSL Project’s announcement of other than the release date and time of the patch; OpenSSL 3.0.7 was to be delivered on the 1st of November, between 13:00 – 17:00 UTC. Now, the patch is ready.
Marked as “critical”
While the vulnerability is marked as “critical”, which means it has a CVSS score higher than 8.9, the organization has mentioned that it does not affect the OpenSSL versions lower than 3.0. The OpenSSL 3.x versions are currently used in Ubuntu 22.04 LTS, Fedora 36, and some other Linux-based operating systems. In Ubuntu 22.04.1 LTS, the 3.0.2 version is pre-installed, which is considered a vulnerable version.
Additionally, Node.js 18.x and 19.x versions are utilizing OpenSSL 3 series by default; they should receive an immediate patch in a few days as well. Some of the Linux distributions like Debian are using the older series of OpenSSL; so there is no need to worry. You can check your OpenSSL version on your Linux-based operating system by using the simple command below:
openssl version
Since it is a very recent vulnerability, the OpenSSL Project did not provide any details about the vulnerability to give time for users to patch their systems. But since it is a critical vulnerability, we strongly recommend immediately patching the OpenSSL library. You can use the following link to download the fixed version of OpenSSL: