LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page OpenSSL 1.1.1k
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-24-2021, 01:00 PM   #1
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 737

Rep: Reputation: 78
OpenSSL 1.1.1k

So what's the fix they put in to address a "high" vuln issue?

https://mta.openssl.org/pipermail/op...ch/000196.html
 
Old 03-25-2021, 12:38 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
From https://github.com/openssl/openssl/b...d#openssl-111:
Quote:
For a full list of changes, see the git commit log and pick the appropriate release branch.
 
Old 03-25-2021, 08:31 AM   #3
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,616

Rep: Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555
Based on previous releases, commits related to vulnerabilities don't appear in the repo until shortly before the release.

https://git.openssl.org/?p=openssl.git&a=search&h=HEAD&st=commit&s=CVE-

1.1.1j tagged at 15:24, CVE commits merged same day 11:32..11:40
1.1.1i tagged at 13:20, CVE commits merged same day 10:16

Since the release time they gave for 1.1.1k is between 13:00 and 17:00 UTC, and it's now 13:30 UTC the commits will likely appear within the next few hours, (but are not there at the time of posting).
 
Old 03-25-2021, 03:53 PM   #4
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 737

Original Poster
Rep: Reputation: 78
Looks like these two.
CVE-2021-3449
https://nvd.nist.gov/vuln/detail/CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3449

CVE-2021-3450
https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3450
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] new openssl 1.1.0 - broken compatibility with openssl 1.0.1 FranekW Linux - Newbie 2 06-26-2018 10:49 AM
Does recursive mutex lock in openssl will affect other openssl users in same system? T.Selvan Linux - Networking 3 02-09-2016 12:59 AM
openssl: any simple examples no how to use openssl to do some decryption? eantoranz Programming 7 07-26-2012 07:57 PM
install of openssl-0.9.8b-8.3.el5 conflicts with file from package openssl-0.9.8b-8.3 jsaravana87 Linux - Server 1 09-26-2011 01:02 PM
oops openssl-0.9.8e over openssl-0.9.8d bad install now 2 copies? rcorkum Slackware 4 06-29-2007 01:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:51 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration