I've just noticed that there's a recent OpenSSL vulnerability.

An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
Ensure you have updated the package to its latest version.

What are the correct steps to update from version 1.1.1 to version 3.0.9? I am especially interested in the configuration phase of OpenSSL 3.

This is for an Ubuntu 20.04 LTS environment.

Currently, by running `apt update` & `apt upgrade`, no new OpenSSL versions are installed by the system.

Alex
  • Hello. Ubuntu 22.04 already uses OpenSSL 3.0.2, and the latest vulnerabilities are patched. – Artur Meinild Jul 24 '23 at 11:15
  • When running `openssl version` I get `OpenSSL 1.1.1f 31 Mar 2020` – Alex Jul 24 '23 at 11:18
  • My bad, the environment is Ubuntu 20.04 LTS - I've just updated the initial post. – Alex Jul 24 '23 at 11:25
  • In this case, stay on version 1.1.1. It's still patched. – Artur Meinild Jul 24 '23 at 12:46
  • In my case: `$ openssl version` `OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)`. What then to do if two packages are blocked: gjs libgjs0g – Adam Mierzwiak Jul 24 '23 at 13:06
  • Exactly which CVE are you concerned about? Did you check the [Ubuntu CVE Tracker](https://ubuntu.com/security/cves) to see which version of OpenSSL 1.1.1 is appropriate, safe, and already-patched for you? 'Cause there is one..... – user535733 Jul 24 '23 at 18:38
