LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   OpenSSL 1.1.1k (https://www.linuxquestions.org/questions/linux-security-4/openssl-1-1-1k-4175692580/)

Linux_Kidd 03-24-2021 01:00 PM
OpenSSL 1.1.1k
 
So what's the fix they put in to address a "high" vuln issue?

https://mta.openssl.org/pipermail/op...ch/000196.html

berndbausch 03-25-2021 12:38 AM
From https://github.com/openssl/openssl/b...d#openssl-111:
Quote:
For a full list of changes, see the git commit log and pick the appropriate release branch.

boughtonp 03-25-2021 08:31 AM

 
Based on previous releases, commits related to vulnerabilities don't appear in the repo until shortly before the release.

https://git.openssl.org/?p=openssl.git&a=search&h=HEAD&st=commit&s=CVE-

1.1.1j tagged at 15:24, CVE commits merged same day 11:32..11:40
1.1.1i tagged at 13:20, CVE commits merged same day 10:16

Since the release time they gave for 1.1.1k is between 13:00 and 17:00 UTC, and it's now 13:30 UTC the commits will likely appear within the next few hours, (but are not there at the time of posting).

Linux_Kidd 03-25-2021 03:53 PM
Looks like these two.
CVE-2021-3449
https://nvd.nist.gov/vuln/detail/CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3449

CVE-2021-3450
https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3450


All times are GMT -5. The time now is 01:04 PM.