
(This blog will be updated with additional information as needed) 

The OpenSSL project announced details of vulnerabilities that exist in versions of OpenSSL earlier than 3.0.7 and has released OpenSSL version 3.0.7 to address them. OpenSSL is the core open-source library that implements the SSL and TLS protocols, which make it possible to communicate securely over the internet. The issue impacts Linux operating systems and some variants, including macOS Ventura and Node.js 18 and 19.

About the Vulnerability 

The OpenSSL project originally communicated this vulnerability as Critical; however, it has since been downgraded to High per the latest advisory from OpenSSL. The project has indicated that it does not impact versions of OpenSSL prior to V3.0.

This Vulnerability Is Known to Impact: 

  • Linux operating systems and some variants such as Ubuntu and macOS Ventura 
  • Containers and container images 
  • Node.js 18.x and 19.x which are JavaScript runtimes 
  • Code developed by C/C++ developers who embedded OpenSSL V3.0 or above 

Recommended Actions for BigFix Users 

  1. Review the latest details from OpenSSL at https://www.openssl.org/news/vulnerabilities.html 
  2. Identify vulnerable systems with OpenSSL V3.0 and above 
    1. Perform an Inventory scan (BigFix Inventory signatures in development) 
      1. Refer to the BigFix Forum for the software signature information once published 
      2. Review other sources of scanning software and tools for OpenSSL version at https://github.com/NCSC-NL/OpenSSL-2022/tree/main/scanning 
  3. Upgrade OpenSSL to V3.0.7 as soon as possible to prevent a potential breach or attack 
    1. The BigFix team will be publishing vendor fixlets addressing this vulnerability in an expedited timeline
    2. Watch the BigFix Forum for content release announcements, as well as the BigFix Forum link below for our overall response.
  4. Keep abreast of updates on the BigFix Forum: https://forum.bigfix.com/t/openssl-3-vulnerabilities-2022-11-01/43303 
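
One way to triage step 2 on a single host, as an added example that is not BigFix or OpenSSL project code. The function names and result labels are hypothetical, the sample strings are constructed, and the affected range (3.0.0 up to but not including 3.0.7) is the one stated in this post.

```shell
#!/usr/bin/env bash
# Added example (not BigFix or OpenSSL project code): classify OpenSSL version
# strings against the range stated in this post: 3.0.0 up to, not including, 3.0.7.

classify_openssl_version() {
    local raw="$1" ver major rest minor patch
    # LibreSSL/BoringSSL use their own numbering and are not OpenSSL 3.x.
    case "$raw" in
        LibreSSL*|BoringSSL*) echo "not-openssl"; return 0 ;;
    esac
    # Accept "OpenSSL 3.0.2 15 Mar 2022 (...)" or a bare "3.0.5+quic" (Node.js style).
    ver=$(printf '%s\n' "$raw" |
        sed -nE 's/^(OpenSSL )?([0-9]+\.[0-9]+\.[0-9]+).*/\2/p' | head -n 1)
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -lt 3 ]; then
        echo "pre-3.0"
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Check the openssl binary on PATH and the library bundled with Node.js, if present.
scan_host() {
    local v
    if command -v openssl >/dev/null 2>&1; then
        v=$(openssl version 2>/dev/null)
        echo "openssl on PATH: ${v:-?} -> $(classify_openssl_version "$v")"
    fi
    if command -v node >/dev/null 2>&1; then
        v=$(node -p 'process.versions.openssl' 2>/dev/null)
        echo "node bundled: ${v:-?} -> $(classify_openssl_version "$v")"
    fi
}

# Constructed sample strings (not captured from real hosts).
for s in "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)" \
         "OpenSSL 3.0.7 1 Nov 2022" "OpenSSL 1.1.1f  31 Mar 2020" \
         "3.0.5+quic" "LibreSSL 3.3.6"; do
    printf '%-12s %s\n' "$(classify_openssl_version "$s")" "$s"
done
```

Call `scan_host` to check the local machine. Distribution packages can carry the fix under an unchanged upstream version string, so confirm any `affected` result against the vendor's package advisory before scheduling the upgrade.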

