[GLSA-202211-01] OpenSSL: Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Description
Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication.
Impact
It is believed that, while unlikely, code execution is possible in certain system configurations.
Workaround
Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.
Resolution
All OpenSSL 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.7"
Package | Affected Version |
---|---|
pkg:ebuild/dev-libs/openssl?distro=gentoo | < 3.0.7 |
Package | Unaffected Version |
---|---|
pkg:ebuild/dev-libs/openssl?distro=gentoo | >= 3.0.7 |
- ID
- GLSA-202211-01
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/202211-01
- Published
-
2022-11-01T00:00:00
(22 months ago) - Modified
-
2022-11-01T00:00:00
(22 months ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
- ALPINE:CVE-2022-3602
- ALPINE:CVE-2022-3786
- ALSA-2022:7288
- CISCO-SA-OPENSSL-W9SDCC2A
- ELSA-2022-10004
- ELSA-2022-7288
- ELSA-2022-9968
- FEDORA-2022-0f1d2e0537
- FEDORA-2022-502f096dce
- FREEBSD:0844671C-5A09-11ED-856E-D4C9EF517024
- GLSA-202405-29
- MS:CVE-2022-3602
- MS:CVE-2022-3786
- RHSA-2022:7288
- RLSA-2022:7288
- RUSTSEC-2022-0064
- RUSTSEC-2022-0065
- SECADV-20221101-1
- SECADV-20221101-2
- SUSE-SU-2022:3843-1
- SUSE-SU-2022:4586-1
- USN-5710-1
- VU:794340
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-3602 | CVE-2022-3602 | https://nvd.nist.gov/vuln/detail/CVE-2022-3602 |
CVE | CVE-2022-3786 | CVE-2022-3786 | https://nvd.nist.gov/vuln/detail/CVE-2022-3786 |
Bugzilla | 878269 | Bugzilla #878269 | https://bugs.gentoo.org/show_bug.cgi?id=878269 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |