**Alexander Bochmann** @galaxis@mastodon.infra.de · Mar 24, 2021, 23:36

**Alexander Bochmann** @galaxis@mastodon.infra.de · Mar 24, 2021, 23:36

Alexander Bochmann @galaxis@mastodon.infra.de

Mar 24, 2021, 23:36

Alexander Bochmann @galaxis@mastodon.infra.de

Hrm. OpenSSL 1.1.1 update today? From IRC: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055

No mention anywhere else yet?

Quote:
Openssl will release new update on 2021/03/25, it will fix two "High" severity issues. These issues does not affect OpenSSL versions before 1.1.1:

CVE-2021-3449: NULL pointer deref in signature_algorithms processing

CVE-2021-3450: CA certificate check bypass with X509_V_FLAG_X509_STRICT"

**Alexander Bochmann** @galaxis@mastodon.infra.de · Mar 25, 2021, 00:25

**Alexander Bochmann** @galaxis@mastodon.infra.de · Mar 25, 2021, 00:25

Mar 25, 2021, 00:25

Alexander Bochmann @galaxis@mastodon.infra.de

(This looks like a somewhat botched advisory, and it's also not yet listed on their overview page. Wonder if they broke an embargo there?)

**Alexander Bochmann** @galaxis@mastodon.infra.de · 2021-03-25T18:56:59Z

Alexander Bochmann @galaxis@mastodon.infra.de

Ah, the OpenSSL 1.1.1 advisory for CVE-2021-3450 and CVE-2021-3449 is now out officially:

https://www.openssl.org/news/secadv/20210325.txt

#infosec #openssl

Mar 25, 2021, 18:56 · · · ·

Resources

Developers

What is Mastodon?

mastodon.infra.de

More…