The MorphOS development team has announced: "A vulnerability has been identified and fixed in the OpenSSL 3.0.1 included in MorphOS 3.16.
The vulnerability (CVE-2022-0778) allows malicious attackers to create TLS certificates that when connected to result in the client application hanging indefinitely.
A fixed openssl3.library (based on OpenSSL 3.0.2) will be released as the part of the future MorphOS 3.17 release. Meanwhile you can install the following replacement openssl3.library (1,6 MB) that fixes the problem for MorphOS 3.16." (dr)
[News message: 16. Mar. 2022, 05:55] [Comments: 0]
[Send via e-mail] [Print version] [ASCII version]