OpenSSL is one of the most widely used open-source libraries worldwide. On October 26th, the OpenSSL Project team announced a new critical vulnerability in versions 3.0 and above. It is likely to affect common configurations and be exploitable.
Although OpenSSL v3 is the newer version, it is still significantly less prevalent than OpenSSL v1, which is not impacted by this vulnerability. The Indeni product is running the maintained Long Term Support version (the 1.1.1 series). This version is supported until September 11, 2023.
Thankfully, that’s one less server you need to patch. If you have additional questions related to the OpenSSL vulnerability, please do not hesitate to contact us.