MorphOS 3.17 openssl3.library security update
  • MorphOS Developer
    Piru
    Posts: 547 from 2003/2/24
    From: finland, the l...
    A number of security vulnerabilities have been fixed in OpenSSL. While most of the vulnerabilities should not be a serious threat to MorphOS users (*), a hotfix for MorphOS openssl3.library has still been released.

    This version of openssl3.library is recommended for all MorphOS 3.17 users.

    You can download the library from MorphOS Team website.


    *) For the vulnerabilities to actually manifest themselves requires application that relies on specific combination of options and unusual server configuration. None of the MorphOS 3.17 included applications are susceptible, but third party applications could in theory have such combination of options in use.
  • »04.05.22 - 11:23
    Profile
  • Order of the Butterfly
    Order of the Butterfly
    MoerBoer
    Posts: 175 from 2019/10/15
    It's really great that the MorphOS team takes security so serious. Thanks
  • »04.05.22 - 11:54
    Profile
  • Paladin of the Pegasos
    Paladin of the Pegasos
    Amigaharry2
    Posts: 1045 from 2010/1/6
    From: EU-Austria (Wien)
    Code:
    It's really great that the MorphOS team takes security so serious. Thanks


    Nothing more to say......
    Peg2, 3xPowerMac G5, 2xPowerbookG4, 2x MacMiniG4, Efika (again), A3000T and life is never boring.....
  • »04.05.22 - 13:09
    Profile
  • Order of the Butterfly
    Order of the Butterfly
    Templario
    Posts: 464 from 2012/4/28
    Quote:

    Piru escribió:
    A number of security vulnerabilities have been fixed in OpenSSL. While most of the vulnerabilities should not be a serious threat to MorphOS users (*), a hotfix for MorphOS openssl3.library has still been released.

    This version of openssl3.library is recommended for all MorphOS 3.17 users.

    You can download the library from MorphOS Team website.


    *) For the vulnerabilities to actually manifest themselves requires application that relies on specific combination of options and unusual server configuration. None of the MorphOS 3.17 included applications are susceptible, but third party applications could in theory have such combination of options in use.


    One little question/doubt with an AmiSSL port for MorphOS will fix these problems too?
  • »05.05.22 - 10:00
    Profile
  • MorphOS Developer
    Piru
    Posts: 547 from 2003/2/24
    From: finland, the l...
    Quote:

    Templario wrote:
    One little question/doubt with an AmiSSL port for MorphOS will fix these problems too?


    Current AmiSSL release 4.12 is based on OpenSSL 1.1.1m. This AmiSSL version is vulnerable to CVE-2022-0778 -- details are at https://www.openssl.org/news/secadv/20220315.txt

    You'll need to contact AmiSSL authors for updates.
  • »05.05.22 - 14:28
    Profile