VanDyke Software

Security Advisory

Security Advisory

OpenSSL 3.0.0 through 3.0.6 vulnerabilities (CVE-2022-3602 and CVE-2022-3786)

Risk assessment: High


Posted: November 10, 2022

Description

On November 1, 2022, the OpenSSL organization announced vulnerabilities CVE-2022-3786 and CVE-2022-3602 affecting OpenSSL versions 3.0.0 through 3.0.6. The OpenSSL team has released version 3.0.7 to address these vulnerabilities.

Products Not Affected

  • All VanDyke Software products on supported Windows platforms.
  • All VanDyke Software products on supported RHEL platforms.
  • All VanDyke Software products on supported macOS platforms.
  • All VanDyke Software products on supported Ubuntu platforms version 20.04 and earlier.
  • SecureCRT/SecureFX version 9.3 on Ubuntu 22.04 platforms which have already been patched with OpenSSL version 3.0.7 or newer.
  • VShell version 4.8 on Ubuntu 22.04 platforms which have already been patched with OpenSSL version 3.0.7 or newer.

Products Affected

  • SecureCRT/SecureFX version 9.3, only on Ubuntu 22.04 platforms which have not yet been patched with OpenSSL version 3.0.7 or newer.
  • VShell version 4.8, only on Ubuntu 22.04 platforms which have not yet been patched with OpenSSL version 3.0.7 or newer.

Resolution for Ubuntu 22.04

  • Patch Ubuntu 22.04 with OpenSSL version 3.0.7 or newer.

Official Postings

Revision History

November 10, 2022 – Security Advisory Published

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.