This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSL Security update announced

Hello Sophos,

are Sophos firewalls (SG and XG) affected by the OpenSSL vulnerability?
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

Ben



This thread was automatically locked due to age.
Parents
  • You aren't giving them any time, are ya?!  LOL, it was announced a few hours ago.

    There's nothing I can find on CVE related to this and nothing really of note in that site that describes much.  Do you happen to know if they even related a CVE?  Is it even a vulnerability?

    EDIT:  Checking the IPS Rules covering CVE issues, the latest one I can find from this year is CVE 2022-1292 and that was fixed in 3.0.3 OpenSSL.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • You aren't giving them any time, are ya?!  LOL, it was announced a few hours ago.

    There's nothing I can find on CVE related to this and nothing really of note in that site that describes much.  Do you happen to know if they even related a CVE?  Is it even a vulnerability?

    EDIT:  Checking the IPS Rules covering CVE issues, the latest one I can find from this year is CVE 2022-1292 and that was fixed in 3.0.3 OpenSSL.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children