On this page we display a list of vendors and their software affected and not affected by the OpenSSL vulnerability in version 3.X. This page is being updated as soon as we issue the corresponding security bulletin and according of the feedback of the vendors.
Updated: October 30, 2022 – 12:45 APM.
Affected:
-RHEL 9
-Ubuntu 22.04 LTS
-Fedora 36
-Fedora Rawhide LTS
-Kali 2022.3
-Linux Mint 21 Vanessa
-Ubuntu 22.04
-CentOS Stream 9
-Mageia Cauldron (3.0.5)
-OpenMandriva 4.3
-OpenMandriva Cooker
-Alma Linux 9.x
-Alpine Linux Edge
-Debian Sid (unstable)
-Rocky Linux 9
-Redhat ES 9
-NodeJS 18.0.0 and 19.x
-Tor
-Docker Images
-oraclelinux:openssl 1:3.0
-clojure (latest)
-eclipse-temurin 11.0
-flink 1.16
-gradle 7.5
-groovy 3.0.13
-ibm-semeru-runtimes open-18-jdk
-apacitor 1.6.5
-lightstreamer 7.3
-mariadb 10.9
-maven 3.8
-oraclelinux 9
-orientdb 3.2
-photon 4.0
-r-base 4.2.1
-ros humble-ros
-storm 2.4.0
-swift 5.7.0
-tomcat 10.1
-xwiki 14
-zookeeper 3.8-temurin
Compare Packages Between Distributions (thanks to DistroWatch.com). Select a package to scan for in each distribution: Here.
NOT Affected:
-Veeam Software
-ExaGrid
-Efficient IP
-Veeam Software
-VMware vCenter
-Fortinet Fortigate
Don’t hesitate to share with me more details (vendors, software, etc.). Thanks to all the contributors and let me know if you have additional entries. Twitter: @c_glemot
OpenSSL scan commands:
Powershell – Get-ChildItem -Recurse -File -ErrorAction SilentlyContinue -Path “C:\” -Filter “libssl*”
System-wide – openssl version
Running processes – sudo lsof -n | grep http://libssl.so.3
About OpenSSL Vulnerability (October 25th):
Critical OpenSSL Vulnerability version 3.0 and above: OpenSSL has just announced a critical vulnerability in version 3.x. This access vulnerability requires access to private keys and/or risks remote machine access (RCE). Vulnerabilities that can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations. The patched version 3.0.7 will be released on November 1st following OpenSSL. OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC. Does not affect versions before 3.0.
All users of OpenSSL should use this time to inventory instances of OpenSSL and prepare for immediate patching when this is released. We recommend that you begin identifying your vulnerable systems now and prepare to patch (schedule a Task Force especially on November, 1st).
Source: https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
Organizations, users, get ready! We’ll keep you updated.
Critical OpenSSL Vulnerability version 3.0: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] VeeamUser Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post.
