News item |: 01-11-2022 |: 18:32
The OpenSSL development team has just released version 3.0.7. Released. This fixes several vulnerabilities. The vulnerability, which OpenSSL previously classified as “critical”, has now been downgraded to “high”. Based on the information now available, the NCSC also estimates the severity of the vulnerability to be lower than previously thought.
NCSC has issued a safety advisory with an outlook for action. There is still a chance that your organization is using a vulnerable version of OpenSSL. The NCSC therefore advises organizations to read the safety advice and take action where necessary.
In addition, NCSC is working with partners to obtain the broadest and most up-to-date picture possible of products using a vulnerable OpenSSL variant. A list of this is maintained on GitHub. Please check the list regularly for relevant updates.