OpenSSL v3.0.7 Spooky SSL CVE-2022-3602
A more comprehensive list of confirmed vulnerable and not-vulnerable software is now available from the Netherlands Nationaal Cyber Security Centrum (NCSC-NL)
https://github.com/NCSC-NL/OpenSSL-2022
Stand alone scanning tools to look for vulnerable OpenSSL v3 configurations and files.
The following is a list of software known to ship with OpenSSL v3 that I put together from various sources. This is being created to help remediation efforts ahead of CRITICAL patch release v3.0.7. I'm leaving this in place for now but please refer to NCSC-NL for a more comprehensive list.
- Ubuntu LTS 22.04
- Red Hat Enterprise Linux 9
- CentOS Stream 9
- Fedora 36
- Fedora CoreOS 36
- Fedora Rawhide LTS
- Kali 2022.3
- Linux Mint 21 Vanessa
- Mageia Cauldron 3.0.5
- OpenMandriva 4.3
- OpenMandriva Cooker
- Alma Linux 9.x
- Alpine Linux Edge
- Debian Sid (unstable)
- Rocky Linux 9 (Blue Onyx)