Are any Rocket z/OS tools affected by OpenSSL vulnerability CVE-2022-3602?
Thread closed by the administrator, not accepting new replies.
PARTNER
Richard Walton
posted 11-02-2022 17:02
Hi.
OpenSSL recently reported a critical/high vulnerability, CVE-2022-3602, which is a buffer overrun in v3.x that is fixed in v3.0.7.
Can you confirm that this vulnerability is not present in the OpenSSL supplied with Rocket z/OS Open-Source tools or any other z/OS tool supplied by Rocket?
The "openssl version" command shows OpenSSL at v1.0.2 in Rocket Open-Source tools for z/OS, so it would appear that this version is not affected.
Thanks.
ROCKETEER
Alexander Klochkov
posted 11-03-2022 07:29
Hi Richard,
According to nvd.nist.gov, CVE-2022-3602 only affects versions 3.0.x. The current version of OpenSSL in Rocket Open AppDev for Z is 1.1.1k and has been updated recently to include the latest security fixes.
Thanks,
Alexander
Peter Fandel
posted 11-04-2022 10:28
Hi Richard, did I read correctly that you are running v1.0.2 of OpenSSL?! That build is years old and has a great many vulnerabilities, I am sure. Possibly none that are critical in severity, and we know this latest CVE does not affect you, but your version is so old I don't even have records anymore, so I can't even tell you which vulnerabilities it has. If you are counting on being up to date with security vulnerabilities, I strongly recommend getting on paid support, as using our ports without support means you are always running up to six months behind on security fixes.
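The version check discussed in this thread, written out as an added example (it is not part of any post and is not Rocket's code). The function name `classify_openssl` and the sample strings are assumptions made for illustration; the affected range (3.0.x before the 3.0.7 fix) is the one stated in the posts above.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against CVE-2022-3602.
# Affected range taken from the thread: 3.0.x before the 3.0.7 fix.

# classify_openssl "<openssl version output>"   (hypothetical helper name)
# Prints: affected | not-affected | unknown
classify_openssl() {
    # Only trust lines that identify themselves as OpenSSL; forks such as
    # LibreSSL use their own numbering and must not be matched on "3.x".
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # Drop a trailing letter or tag from the patch field (1.1.1k -> 1).
    patch=$(printf '%s' "${rest#*.}" | sed 's/[^0-9].*$//')
    for part in "$major" "$minor" "$patch"; do
        case "$part" in
            ""|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample outputs, not captured from a real system.
for sample in \
    "OpenSSL 1.0.2h  3 May 2016" \
    "OpenSSL 1.1.1k  25 Mar 2021" \
    "OpenSSL 3.0.5 5 Jul 2022" \
    "OpenSSL 3.0.7 1 Nov 2022" \
    "LibreSSL 3.3.6"
do
    printf '%-30s %s\n' "$sample" "$(classify_openssl "$sample")"
done

# Classify the local binary when one is on PATH.
if command -v openssl >/dev/null 2>&1; then
    classify_openssl "$(openssl version)"
fi
```

`openssl version` reports only the binary found on PATH, so other copies of the library shipped inside individual tools have to be checked separately. A `not-affected` result here speaks only to CVE-2022-3602, not to other issues in older branches.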