1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202211-01

[GLSA-202211-01] OpenSSL: Multiple Vulnerabilities

Severity Normal
Affected Packages 1
Unaffected Packages 1
CVEs 2
Info Packages References Vulnerabilities

Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.

Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description
Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication.

Impact
It is believed that, while unlikely, code execution is possible in certain system configurations.

Workaround
Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.

Resolution
All OpenSSL 3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.7"

Package Affected Version
pkg:ebuild/dev-libs/openssl?distro=gentoo < 3.0.7
Package Unaffected Version
pkg:ebuild/dev-libs/openssl?distro=gentoo >= 3.0.7
ID
GLSA-202211-01
Severity
normal
URL
https://security.gentoo.org/glsa/202211-01
Published
2022-11-01T00:00:00
(22 months ago)
Modified
2022-11-01T00:00:00
(22 months ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2022-3602 CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602
CVE CVE-2022-3786 CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786
Bugzilla 878269 Bugzilla #878269 https://bugs.gentoo.org/show_bug.cgi?id=878269
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/dev-libs/openssl?distro=gentoo dev-libs openssl < 3.0.7 gentoo
Unaffected pkg:ebuild/dev-libs/openssl?distro=gentoo dev-libs openssl >= 3.0.7 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date