[squeak-dev] OpenSSL Releases Security Updates

Ron Teitelbaum ron at usmedrec.com
Thu Mar 17 18:50:14 UTC 2022

Hi All,



It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.

You are vulnerable to this if you accept certificates from clients.

OpenSSL 1.0.2 is out of support and no longer receiving public updates.
support is available for premium support customers:

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
It is affected by the issue.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

All the best,

Ron Teitelbaum
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20220317/8e861733/attachment.html>

More information about the Squeak-dev mailing list