ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available
From Randall@21:1/5 to All on Fri Jun 2 07:39:04 2023
Hi Everyone,
A new set of fix releases is available for OpenSSL. The release is a result of CVE-2023-2650, which is considered Moderate on 3.x and Low on 1.1.1. This CVE relates to problems with ASN.1 parsing.
Some details on this patch:
OpenSSL 3.1.1 is a fix to the initial release 3.1.0 for OSS. This release should be source and binary compatible with the 3.0.x series, so ITUGLIB releases built for 3.0 should work. There are 64- and 32-bit threaded and unthreaded packages for this release. Note that the end of life date for 3.1.x is nearer than 3.0.x. The L-series build for this release should work without coreutils PRNGD running.
OpenSSL 3.0.9 is a fix to the 3.0.8 release for OSS. This is the preferred "go to" release. There are 64- and 32-bit threaded and unthreaded packages for this release. The L-series build for this release should work without coreutils PRNGD running.
OpenSSL 1.1.1u is a fix to 1.1.1t. Note that the 1.1.1 series is currently in a security fix only state. It will go off security support (a.k.a. end of life) on Sept 11, 2023, which is only about 3 months away. This release has a separate IEEE float build for NonStop OSS as well as threaded and unthreaded packages. The 3.x series is built with IEEE by default. This release requires coreutils PRNGD.
Note that the OpenSSL 1.0.2 series has a fix but only if you have a support contract. 1.1.1 will move to the same situation as 1.0.2 in September. I can facilitate support contracts upon request.
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee