Vulnerabilidade no OpenSSL

Se você está usando o OpenSSL 3.x atualize o quanto antes.

Versões anteriores – aparentemente – não sao afetadas.

As informações ainda não são muito claras, mas o projeto já está trabalhando para resolver.

Update 2022-10-01_15:55

Saiu o posicionamento do projeto OPENSSL e o bugfix para o problema.

https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Refs

OpenSSL

• https://www.openssl.org/news/vulnerabilities-3.0.html
• https://www.openssl.org/news/secadv/20221011.txt

Outros

• https://www.trendmicro.com/en_za/research/22/j/openssl-critical-security-vulnerability-fix.html
• https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/
• https://snyk.io/blog/new-openssl-critical-vulnerability/
• https://www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare
• https://blog.qualys.com/vulnerabilities-threat-research/2022/10/31/qualys-research-alert-prepare-for-a-critical-vulnerability-in-openssl-3-0