MorphOS 3.17 openssl3.library security update
  • MorphOS Developer
    Piru
    Posts: 522 from 2003/2/24
    From: finland, the l...
    A number of security vulnerabilities have been fixed in OpenSSL. While most of the vulnerabilities should not be a serious threat to MorphOS users (*), a hotfix for MorphOS openssl3.library has still been released.

    This version of openssl3.library is recommended for all MorphOS 3.17 users.

    You can download the library from the MorphOS Team website.


    *) For the vulnerabilities to actually manifest themselves requires an application that relies on a specific combination of options and an unusual server configuration. None of the MorphOS 3.17 included applications are susceptible, but third-party applications could in theory have such a combination of options in use.
  • »04.05.22 - 12:23
  • Acolyte of the Butterfly
    MoerBoer
    Posts: 146 from 2019/10/15
    It's really great that the MorphOS team takes security so seriously. Thanks
  • »04.05.22 - 12:54
  • Priest of the Order of the Butterfly
    Amigaharry2
    Posts: 980 from 2010/1/6
    From: EU-Austria (Wien)
    Code:
    It's really great that the MorphOS team takes security so seriously. Thanks


    Nothing more to say......
    Peg2, 3xPowerMac G5, 2xPowerbookG4, 2x MacMiniG4, Efika (again), A3000T and life is never boring.....
  • »04.05.22 - 14:09
  • Order of the Butterfly
    Templario
    Posts: 434 from 2012/4/28
    Quote:

    Piru wrote:
    A number of security vulnerabilities have been fixed in OpenSSL. While most of the vulnerabilities should not be a serious threat to MorphOS users (*), a hotfix for MorphOS openssl3.library has still been released.

    This version of openssl3.library is recommended for all MorphOS 3.17 users.

    You can download the library from the MorphOS Team website.


    *) For the vulnerabilities to actually manifest themselves requires an application that relies on a specific combination of options and an unusual server configuration. None of the MorphOS 3.17 included applications are susceptible, but third-party applications could in theory have such a combination of options in use.


    One little question/doubt: will an AmiSSL port for MorphOS fix these problems too?
  • »05.05.22 - 11:00
  • MorphOS Developer
    Piru
    Posts: 522 from 2003/2/24
    From: finland, the l...
    Quote:

    Templario wrote:
    One little question/doubt: will an AmiSSL port for MorphOS fix these problems too?


    Current AmiSSL release 4.12 is based on OpenSSL 1.1.1m. This AmiSSL version is vulnerable to CVE-2022-0778 -- details are at https://www.openssl.org/news/secadv/20220315.txt

    You'll need to contact AmiSSL authors for updates.
  • »05.05.22 - 15:28