In general unless you've built and installed your own build of OpenSSL you need to refer to the vendor of your operating system for patches.
In particular the openssl packages in CentOS 7.9 are not affected given they are 1.0.2 version and not 3.0.x version. Tomas Mraz, OpenSSL On Wed, 2022-11-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming wrote: > Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x > security vulnerabilities > > Good day from Singapore, > > I refer to the following posts. > > [1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, > Check Point Alerts Organizations to Prepare Now > Link: > https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/ > > [2] 2022 OpenSSL vulnerability - CVE-2022-3602 - Spooky SSL > Link: https://github.com/NCSC-NL/OpenSSL-2022 > > [3] VMware Response to CVE-2022-3602 and CVE-2022-3786: > vulnerabilities in OpenSSL 3.0.x > Link: > https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html > > I have 2 internet-facing CentOS 7.9 Linux servers in Europe. > > Are the patches available already? How do I patch OpenSSL on my > CentOS 7.9 Linux servers? > > Thank you. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individual in Singapore > Blogs: > https://tdtemcerts.blogspot.com > https://tdtemcerts.wordpress.com -- Tomáš Mráz, OpenSSL
