On Wed, 2 Nov 2022 at 18:38, Tomas Mraz <to...@openssl.org> wrote:

> In general unless you've built and installed your own build of OpenSSL
> you need to refer to the vendor of your operating system for patches.
>
> In particular the openssl packages in CentOS 7.9 are not affected given
> they are 1.0.2 version and not 3.0.x version.
>

This is good news. I can sleep well.

>
> Tomas Mraz, OpenSSL
>
> On Wed, 2022-11-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming
> wrote:
> > Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x
> > security vulnerabilities
> >
> > Good day from Singapore,
> >
> > I refer to the following posts.
> >
> > [1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure,
> > Check Point Alerts Organizations to Prepare Now
> > Link:
> >
> https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/
> >
> > [2] 2022 OpenSSL vulnerability - CVE-2022-3602 - Spooky SSL
> > Link: https://github.com/NCSC-NL/OpenSSL-2022
> >
> > [3] VMware Response to CVE-2022-3602 and CVE-2022-3786:
> > vulnerabilities in OpenSSL 3.0.x
> > Link:
> >
> https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html
> >
> > I have 2 internet-facing CentOS 7.9 Linux servers in Europe.
> >
> > Are the patches available already? How do I patch OpenSSL on my
> > CentOS 7.9 Linux servers?
> >
> > Thank you.
> >
> > Regards,
> >
> > Mr. Turritopsis Dohrnii Teo En Ming
> > Targeted Individual in Singapore
> > Blogs:
> > https://tdtemcerts.blogspot.com
> > https://tdtemcerts.wordpress.com
>
> --
> Tomáš Mráz, OpenSSL
>
>
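
The version reasoning in the reply above (1.0.2 is outside the 3.0.x line these CVEs concern) can be checked per host with a small script. This is an added example, not part of the original thread or of OpenSSL: classify_openssl is a hypothetical helper, the banners are constructed samples, and the range used is the upstream one for CVE-2022-3602 and CVE-2022-3786 (3.0.0 through 3.0.6, fixed in 3.0.7).

```shell
#!/bin/sh
# Classify an `openssl version` banner against the upstream affected range
# for CVE-2022-3602 / CVE-2022-3786 (3.0.0 - 3.0.6; fixed in 3.0.7).
# classify_openssl is a hypothetical helper name, not an OpenSSL tool.

classify_openssl() {
    # $1: banner text, e.g. "OpenSSL 1.0.2k-fips  26 Jan 2017"
    # Extract the numeric x.y.z part; letter suffixes such as "k-fips" are dropped.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown            # not an OpenSSL banner (e.g. LibreSSL)
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -lt 3 ]; then
        echo not-affected       # 1.0.2 and 1.1.1 predate the 3.0.x line
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        # Upstream-affected version number. A distribution may have
        # backported the fix without changing it: confirm with the vendor.
        echo affected-upstream
    else
        echo fixed
    fi
}

# Constructed sample banners; on a real host pass "$(openssl version)" instead.
for banner in \
    "OpenSSL 1.0.2k-fips  26 Jan 2017" \
    "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)"
do
    printf '%-18s %s\n' "$(classify_openssl "$banner")" "$banner"
done
```

The banner only describes the system package on the PATH; applications that bundle or statically link their own OpenSSL need to be checked separately.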