[Info-vax] Upcoming patch for major security flaw in OpenSSL 3.x
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Thu Nov 3 18:44:15 EDT 2022
On 2022-10-28 13:03:54 +0000, Simon Clubley said:
> There is a major security flaw affecting OpenSSL 3.x that is critical
> enough to announce in advance of the actual patch being released next
> week:
Downgraded to HIGH, and might arguably be MEDIUM given the requirements.
Some background on the bug, on the difficulies of parsing, on Unicode
and ASCII, and of potential means of bug detection.
https://words.filippo.io/dispatches/openssl-punycode/
BTW / unrelated / PSA : OpenSSH 9.0p1 is restricting RSA and SHA-1
usage by default, so expect a few wrinkles when interoperating with
OpenVMS.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list