A vulnerability for OpenSSL version 3.0.x was announced on October 27, 2022 and identified as “critical”. A patch was released for it on November 1, 2022 with version 3.0.7. Our customers have asked if Variphy is affected by this vulnerability. At this time, our OVA is on ubuntu 18.04 LTS, with OpenSSL version 1.1.1 installed. This version is not affected by said vulnerability and does not require patching at this time.
More information can be found on the vulnerability here. Per the article, this vulnerability primary affects Ubuntu 22.04 LTS, and “Version 1.1.1 . . . is not susceptible to the CVE that is being fixed in 3.0“
You can confirm that your OVA has build 1.1.1 by simply connecting to the OVA command line via Vsphere console or an SSH session (Putty, OpenSSL, etc), and running the command: openssl version, which will show the current version and date installed.
If you have any additional questions or concerns, please contact us at support@variphy.com
