Number: AV17-163
Date: 6 November 2017
Purpose
The purpose of this advisory is to bring attention to a recent OpenSSL security update.
Assessment
OpenSSL has released security updates that affect vulnerabilities (Low to Moderate) in the following products:
Affected version: OpenSSL 1.1.0 and OpenSSL 1.0.2
CVE Reference: CVE-2017-3735, CVE-2017-3736
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.
OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m
References: