A number of security vulnerabilities have been fixed in OpenSSL. While most of the vulnerabilities should not be a serious threat to MorphOS users (*), a hotfix for MorphOS openssl3.library has still been released.

This version of openssl3.library is recommended for all MorphOS 3.17 users.

You can download the library from MorphOS Team website.


*) For the vulnerabilities to actually manifest themselves requires application that relies on specific combination of options and unusual server configuration. None of the MorphOS 3.17 included applications are susceptible, but third party applications could in theory have such combination of options in use.

It's really great that the MorphOS team takes security so serious. Thanks

thanks a lot Piru for this quick fix! i add it to the Chrysalis pack.

Code:

Nothing more to say......

Quote:

One little question/doubt with an AmiSSL port for MorphOS will fix these problems too?

Quote:
Current AmiSSL release 4.12 is based on OpenSSL 1.1.1m. This AmiSSL version is vulnerable to CVE-2022-0778 -- details are at https://www.openssl.org/news/secadv/20220315.txt

You'll need to contact AmiSSL authors for updates.