Hello,
I was made aware of a security vulnerability related to OpenSSL version 3.1.6 (see below details). Note: I currently running Apache 2.4.62 and Wamp 3.3.6. Will there be an upgraded version of OpenSSL (i.e. 3.1.7) anytime soon? Thank you.
Details
Impact: Abnormal termination of an application can a cause a denial of service.
Vulnerability Insight: Applications performing certi?cate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the appli-
cation process.
References
cve: CVE-2024-6119
url: [openssl-library.org]
url: [openssl-library.org]
cert-bund: WID-SEC-2024-2040
dfn-cert: DFN-CERT-2024-2322
dfn-cert: DFN-CERT-2024-2285
Best,
Jeff
I was made aware of a security vulnerability related to OpenSSL version 3.1.6 (see below details). Note: I currently running Apache 2.4.62 and Wamp 3.3.6. Will there be an upgraded version of OpenSSL (i.e. 3.1.7) anytime soon? Thank you.
Details
Impact: Abnormal termination of an application can a cause a denial of service.
Vulnerability Insight: Applications performing certi?cate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the appli-
cation process.
References
cve: CVE-2024-6119
url: [openssl-library.org]
url: [openssl-library.org]
cert-bund: WID-SEC-2024-2040
dfn-cert: DFN-CERT-2024-2322
dfn-cert: DFN-CERT-2024-2285
Best,
Jeff