[eduVPN-deploy] Critical OpenSSL vulnerability (Ubuntu 22.04, Fedora, EL9)
François Kooman
fkooman at deic.dk
Wed Oct 26 10:58:06 CEST 2022
Hi all,
The OpenSSL project will release a new version of OpenSSL next Tuesday
(2022-11-01) that has a fix for a *CRITICAL* vulnerability.
We do not have more information and can't be sure about the impact on
eduVPN / Let's Connect!
If you VPN server runs:
* Ubuntu 22.04
* EL9 (RHEL, AlmaLinux, Rocky Linux, CentOS Stream)
* Fedora
You MUST make sure you update immediately when the OpenSSL package
updates become available from your OS vendor (on Tuesday!) and, just to
be sure, reboot your system:
$ sudo vpn-maint-update-system
$ sudo reboot
As Debian 11 uses OpenSSL 1.x the vulnerability does not apply there and
no additional actions are required.
Note: this is NOT a vulnerability in eduVPN/Let's Connect! but in OpenSSL.
For more information, limited as it is:
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
Regards,
François
More information about the eduVPN-deploy
mailing list