[squeak-dev] OpenSSL Releases Security Updates
ron at usmedrec.com
Thu Mar 17 18:50:14 UTC 2022
It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.
You are vulnerable to this if you accept certificates from clients.
OpenSSL 1.0.2 is out of support and no longer receiving public updates.
support is available for premium support customers:
OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
It is affected by the issue.
Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.
All the best,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Squeak-dev