Skip to content

OpenSSL 3.0.3
Compare
Choose a tag to compare
@quarckster quarckster released this 18 Sep 10:28
· 6001 commits to master since this release
openssl-3.0.3
This tag was signed with the committer’s verified signature.
mattcaswell Matt Caswell
GPG key ID: D9C4D26D0E604491
Verified
Learn about vigilant mode.
4d346a1

Changelog

  • Fixed a bug in the c_rehash script which was not properly sanitising shell
    metacharacters to prevent command injection CVE-2022-1292
  • Fixed a bug in the function OCSP_basic_verify that verifies the signer
    certificate on an OCSP response CVE-2022-1343
  • Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
    AAD data as the MAC key CVE-2022-1434
  • Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
    occuppied by the removed hash table entries CVE-2022-1473
Assets 6
Loading