OpenSSL vulnerabilities fixed in version 3.0.7

IDs: 
CVE-2022-3602, CVE-2022-3786
Keywords: 
openssl
Description: 

OpenSSL 3.0.7 fixes two buffer overrun vulnerabilities in X.509 certificate verification (CVE-2022-3602, CVE-2022-3786) [1]. OpenSSL rates their criticality as high, the second-highest level in its classification.

Airlock Gateway 7.x and all versions of Airlock Microgateway are not affected because these versions use OpenSSL 1.1.x, which is not affected by these vulnerabilities.

Airlock Gateway 8.0 is affected. Hotfix HF0050 is available to update OpenSSL to version 3.0.7.

Resolution: 

We recommend installing hotfix HF0050 on all Airlock Gateway 8.0 instances.
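
To confirm which OpenSSL build a host reports before and after the update, the following added example (not Airlock's or OpenSSL's own code) classifies an `openssl version` banner against these two CVEs. It assumes shell access to the host and that releases 3.0.0 through 3.0.6 are the affected range, which this page does not state; the function name and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner for CVE-2022-3602 / CVE-2022-3786.
# Assumption (not stated on this page): OpenSSL 3.0.0 through 3.0.6 is the affected range.

# classify_openssl BANNER -> prints affected | fixed | not-affected | unknown
classify_openssl() {
    banner=$1
    # Prefer the "Library:" field: the CLI binary and the loaded libcrypto can differ.
    ver=$(printf '%s\n' "$banner" |
          sed -n 's/.*Library: OpenSSL \([0-9][0-9A-Za-z.]*\).*/\1/p')
    if [ -z "$ver" ]; then
        ver=$(printf '%s\n' "$banner" |
              sed -n 's/^OpenSSL \([0-9][0-9A-Za-z.]*\).*/\1/p')
    fi
    # Anything that is not "OpenSSL <major>.<minor>.<patch>" (e.g. LibreSSL) is unknown.
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}      # drop letter suffixes such as the "k" in 1.1.1k
    if [ "$major" -lt 3 ]; then
        echo not-affected        # 1.0.x / 1.1.x branches
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo affected            # 3.0.0 .. 3.0.6
    else
        echo fixed               # 3.0.7 or later
    fi
}

# Constructed sample banners; on a real host use: classify_openssl "$(openssl version)"
while IFS= read -r line; do
    printf '%-13s %s\n' "$(classify_openssl "$line")" "$line"
done <<'EOF'
OpenSSL 1.1.1k  FIPS 25 Mar 2021
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
EOF
```

The banner only describes the `openssl` binary and the library it loaded; other software on the same host may bundle its own copy. Vendor or distribution builds can also carry backported fixes without a version bump, so check an `affected` result against the vendor's advisory.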

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock