OpenSSL - Critical Vulnerability (versions 3.0.0 to 3.0.6)

Nov 21, 2022

Overview

OpenSSL announced the discovery of a critical vulnerability. A new version (3.0.7) that fixes it was released on November 1, 2022.

Please check our blog, found here, for detailed information.

Note: The latest stable version is 3.0.7 in the 3.0 series, which is supported until 7th September 2026. This is also a Long Term Support (LTS) version. The previous LTS version (the 1.1.1 series) is also available and is supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.0 as soon as possible.

How do I determine my OpenSSL version?

Run the command "openssl version -a". It prints the version number and release date, for example: OpenSSL 1.0.1f 6 Jan 2014.

What should I do?

We highly recommend that you contact the stakeholders in your organization and have them scan your server setup and systems. If you find OpenSSL versions 3.0 and higher, upgrade them to OpenSSL version 3.0.7. If you use third-party vendors, please check with them for OpenSSL 3.0 or higher and upgrade to OpenSSL 3.0.7.
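
A version check built from the ranges this article states, as an added example that is not part of the original article. The function name classify_openssl and the status labels are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Classify `openssl version` output against the ranges stated in this article:
#   3.0.0 - 3.0.6            -> AFFECTED (upgrade to 3.0.7)
#   other 3.x (3.0.7 and up) -> FIXED
#   1.1.1 series             -> LTS_1_1_1 (previous LTS, still supported)
#   0.9.8, 1.0.x, 1.1.0      -> UNSUPPORTED
# classify_openssl and the status labels are names chosen for this example.
classify_openssl() {
    # Field 2 of the first line is the version: "OpenSSL 3.0.5 5 Jul 2022" -> 3.0.5
    ver=$(printf '%s\n' "$1" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    case "$ver" in
        3.0.[0-6]|3.0.[0-6][-+]*) echo AFFECTED ;;    # includes pre-release/vendor suffixes
        3.*)                      echo FIXED ;;
        1.1.1*)                   echo LTS_1_1_1 ;;
        0.9.*|1.0.*|1.1.0*)       echo UNSUPPORTED ;;
        *)                        echo UNKNOWN ;;     # not OpenSSL, or unparseable
    esac
}

# Constructed sample lines (not captured from real hosts).
while IFS= read -r line; do
    printf '%-12s %s\n' "$(classify_openssl "$line")" "$line"
done <<'EOF'
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
OpenSSL 1.1.1s  1 Nov 2022
OpenSSL 1.0.1f 6 Jan 2014
LibreSSL 3.3.6
EOF

# Classify the binary on this host's PATH, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_line=$(openssl version)
    printf '%-12s %s (local)\n' "$(classify_openssl "$local_line")" "$local_line"
fi
```

This only checks the openssl binary on the PATH; applications that bundle their own copy of the library need to be checked separately. Distribution packages can carry backported fixes under an unchanged upstream version number, so confirm an AFFECTED result against your vendor's advisory.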

Where can I download OpenSSL 3.0.7?

You can download it here: https://slproweb.com/products/Win32OpenSSL.html
