OpenSSL has announced that between 14:00 and 18:00 on 1 November 2022, a new version (3.0.7) with a critical security fix will be released.
This means that OpenSSL has assessed that common configurations are vulnerable and may be exploited.
There is no information about older versions of OpenSSL being vulnerable, it should only affect version 3.0.X.
Due to the severity of the vulnerability, no further information is available yet.
We recommend following the CERT-SE article which is updated regularly.
How does this affect me?
This affects you if you have your own server (VPS/Do-It-Yourself) with us that uses OpenSSL 3.0.x.
If your server is using a vulnerable version, we strongly recommend that you be prepared to update to version 3.0.7 as soon as it is available.
To see which version of OpenSSL you are using on your server, you can run the openssl version
command.
Keep in mind that the locally installed version may be different from what is used by your application, for example if you are using Docker. Docker has published a list of vulnerable images.
Are Oderland services affected?
No. None of our servers and systems are affected or vulnerable. Only you who have a VPS/Do-it-yourself and use a vulnerable version yourself are affected.