Statement on OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)

Background

On November 1, 2022, it was reported that OpenSSL version 3.0.x contains vulnerabilities that could be exploited to cause crashes and/or remote code execution. Some Objectif Lune applications use OpenSSL libraries and may therefore be flagged by security monitoring software.

Severity

Our R&D department has analyzed the potential risk in Objectif Lune applications.

While some of the OL applications do use OpenSSL libraries, the versions of these libraries that they use cannot be targeted by these specific vulnerabilities. This statement applies not only to OL Connect, but also to PReS, PlanetPress Suite and Printshop Mail Suite.

OL applications are therefore not impacted by these vulnerabilities.

Corrective measures

Next year’s 2023.1 version of OL Connect could have been impacted by these threats as some of its modules were scheduled to use OpenSSL 3.x. Our R&D department has already taken the appropriate steps to ensure the modules will be using the patched version of OpenSSL 3, which was released on November 1, 2022.
