Important OpenSSL vulnerabilities fixed by TuxCare CVE-2021-3711/3712

Few libraries are in as widespread use as OpenSSL. It is ubiquitous across hardware platforms and operating systems, userland applications and IoT. Chances are good that the web browser you are using right now to read this page relies in some way on OpenSSL to negotiate the “s” in “https” with the web server.

Together with curl, zlib and glibc, it’s one of the names that make sysadmins tremble whenever they appear in the same sentence as “new vulnerabilities found”. Unfortunately, today is another of those days. Two new vulnerabilities have emerged for OpenSSL; one is considered “High” severity and the other “Low” severity. They affect all OpenSSL 1.1.1 versions, as well as the current beta/alpha versions of 3.0.0, but the final version of that series will include the fixes.

TuxCare’s Live Patching service has already prepared patches, which are being delivered on the same day the vulnerabilities were announced, for EL8-based distributions as well as Debian 10 and Ubuntu 18.04 and 20.04, the ones shipping the affected versions of OpenSSL.

 
