Sandfly 4.2.3 - OpenSSL CVE-2022-3602 and CVE-2022-3786 Update
2022-11-2 06:14:14 Author: sandflysecurity.com

Sandfly 4.2.3 has been released and contains fixes for the OpenSSL CVEs announced on November 1, 2022: CVE-2022-3602 and CVE-2022-3786.

Sandfly's core server and API are written in Go, and the Go TLS libraries are not affected by this bug. However, out of an abundance of caution and to assist customers with their own compliance needs, we are releasing updated Docker images that include the fixed version of OpenSSL. The v4.2.3 release of Sandfly is functionally equivalent to the v4.2.2 release.

Specifically, the sandfly-server and sandfly-node images, which are based on Ubuntu 22.04 LTS, ship the libssl3 3.0.2-0ubuntu1.7 package, which contains the fix. The sandfly-rabbit image is based on Ubuntu 20.04 LTS, which does not include a vulnerable version of OpenSSL.
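
To confirm which case an image falls into, the package list can be compared against the fixed build named above. This is an added example, not Sandfly's own tooling; the function names and sample package lists are constructed for illustration, and it assumes the input comes from an Ubuntu-based image that has `dpkg-query` available.

```shell
#!/bin/sh
# Added example: classify a package list against the fixed libssl3 build.
# Real input can be produced with (image name is a placeholder):
#   docker run --rm --entrypoint dpkg-query <image> -W -f '${Package} ${Version}\n'

FIXED_LIBSSL3="3.0.2-0ubuntu1.7"   # fixed Ubuntu 22.04 build named in the post

# version_ge A B: succeeds when version A >= version B.
# Uses dpkg's own comparison when present. The `sort -V` fallback is an
# assumption that holds for versions of this shape (no epoch, no '~').
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# classify_image: reads "package version" lines on stdin and prints one of
#   fixed <version> | outdated <version> | no-libssl3
classify_image() {
    ver=$(awk '$1 ~ /^libssl3(:|$)/ { print $2; exit }')
    if [ -z "$ver" ]; then
        echo "no-libssl3"            # e.g. an image with only OpenSSL 1.1.1
    elif version_ge "$ver" "$FIXED_LIBSSL3"; then
        echo "fixed $ver"
    else
        echo "outdated $ver"         # OpenSSL 3 present, predates the fix
    fi
}

# Constructed sample inputs (not captured from the real Sandfly images).
sample_jammy_fixed='libc6 2.35-0ubuntu3.1
libssl3 3.0.2-0ubuntu1.7'
sample_jammy_old='libc6 2.35-0ubuntu3.1
libssl3 3.0.2-0ubuntu1.6'
sample_focal='libc6 2.31-0ubuntu9.9
libssl1.1 1.1.1f-1ubuntu2.16'

for sample in "$sample_jammy_fixed" "$sample_jammy_old" "$sample_focal"; do
    printf '%s\n' "$sample" | classify_image
done
```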

Customers wishing to upgrade can follow the instructions here:

Upgrading Sandfly

If you have any questions, please reach out to us.


Source: https://sandflysecurity.com/blog/sandfly-4-2-3-openssl-cve-2022-3602-and-cve-2022-3786-update