OpenSSL new vulnerabilities

Migdiradmin · Nov 2, 2022

Directadmin owners have to do anything about this new vulnerabilities?
OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786

https://blog.cloudflare.com/cloudflare-is-not-affected-by-the-openssl-vulnerabilities-cve-2022-3602-and-cve-2022-37/

cjd · Nov 2, 2022

Only applies to very new OS versions running OpenSSL 3.0.x (If you can only run PHP 8.x , then it probably applies to you.)

So if anyone is, they should install their updates for their operating system.

As a side note, as I see this too often, doesn't matter what OS you are using, install your updates regularly. Most of my systems I manage are setup with daily auto updates for the base OS, if something breaks I will fix it quickly as it will set off alarms in the monitoring systems. A few critical systems I manage by hand, so I can take system snapshots before the updates in case something breaks I can roll back quickly, even those don't go more than 3 days without me logging in and checking on everything.

Zhenyapan · Nov 3, 2022

Ubuntu 22.04, CentOS Stream 9, RHEL 9, OpenMandriva 4.2, Gentoo, Fedora 36, Debian Testing и Unstable affected, but regular "update" will fix it in nearest future.

OpenSSL new vulnerabilities

Migdiradmin

Verified User

cjd

Verified User

Zhenyapan

Verified User