Upcoming Critical OpenSSL Vulnerability

What is it? The OpenSSL Project will release a security fix (OpenSSL version 3.0.7) for a new-and-disclosed CVE on Tuesday, November 1, 2022. This CVE is categorized as “CRITICAL” and affects all OpenSSL versions after 3.0. Who is impacted? Users running newer operating systems (OpenSSL versions after 3.0) and application stacks like NodeJS. Linux Distro OpenSSL Version CentOS Linux release 7.9 1.0.2 CentOS 8 (1.1.1) CentOS Stream 9 (3.0.1) Debian 11 (bullseye) (1.1.1) Eneavour 2022.09.10 (1.1.1) Fedora 34 (1.1.1) Fedora 35 (1.1.1) Fedora 36 (3.0.5) Fedora Rawhide (3.0.5) Kali 2022.3 (3.0.5) Linux Mint 21 Vanessa (3.0.2) Mageia 7 (1.1.1) Mageia 8 (1.1.1) Mageia Cauldron (3.0.5) OpenMandriva 4.3 (3.0.3) OpenMandriva Cooker (3.0.6) OPNsense 22 1.1.1 OpenSuSE Leap 15.2 (1.1.1) OpenSuSE Leap 15.3 (1.1.1) OpenSuSE Leap 15.4 (1.1.1) Proxmox 6 1.1.1 Redhat ES 9 3.0 Rocky Linux release 9.0 (Blue Onyx) 3.0.1 Slackware 14 1.0.1 Ubuntu 20.04 (1.1.1) Ubuntu 22.04 (3.0.2) Node.js v18.x and v19.x use OpenSSL v3. Therefore these release lines are impacted by this update. References https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 https://www.globalsign.com/en/blog/urgent-patch-openssl-november-1-avoid-critical-security-vulnerability https://nodejs.org/en/blog/vulnerability/openssl-november-2022/