Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: OpenSSL Security Advisory (CVE-2022-2097) |
|
| Author |
|
dannygloudemans
Joined: 13 Jul 2022
Posts: 1
Location: Netherlands
|
 Posted: Wed 13 Jul '22 8:48 Post subject: OpenSSL Security Advisory (CVE-2022-2097) |
 |
|
On July 5th OpenSSL sent out a Security Advisor with a severity high vulnerability (but Apache shouldn't be affected by this as it doesn't affect OpenSSL 1.1.1 and 1.0.2). However there was also a severity moderate vulnerability that has affect on OpenSSL 1.1.1 and they advised to upgrade to 1.1.1q.
I believe that only 32-bit x86 platforms are affected and thus it doesn't apply on the Win64 version, could you please confirm?
See https://www.openssl.org/news/secadv/20220705.txt for more details.
Thank you |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Wed 13 Jul '22 11:09 Post subject: |
|
|
| Yes. And since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. |
|
| Back to top |
|
|
|
|
|
|
