How to update from OpenSSL 1.1.1 to OpenSSL 3.0.9?

Alex

7/24/24, 11:13 AM

I've just noticed that there's a recent OpenSSL vulnerability.

An OpenSSL vulnerability has recently been fixed with USN-6188-1 & 6119-1:
CVE-2023-2650: possible DoS translating ASN.1 object identifiers.
Ensure you have updated the package to its latest version.

What are the correct steps to update from version 1.1.1 to version 3.0.9? I am specially interested in the configuration phase of OpenSSL 3.

This is for a Ubuntu 20.04 LTS environment.

Currently by running apt update & apt upgrade, no new OpenSSL versions are installed by the system.

307

0 + 6

openssl

20.04

Artur Meinild

7/24/24, 11:15 AM

Hello. Ubuntu 22.04 already uses OpenSSL 3.0.2, and the latest vulnerabilities are patched.

Alex

7/24/24, 11:18 AM

When running `openssl version` I get `OpenSSL 1.1.1f 31 Mar 2020`

Alex

7/24/24, 11:25 AM

My bad, the environment is Ubuntu 20.04 LTS - I've just updated the initial post.

Artur Meinild

7/24/24, 12:46 PM

In this case, stay on version 1.1.1. It's still patched.

Adam Mierzwiak

7/24/24, 1:06 PM

In my case: $ openssl version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) what then to do if two packages are blocked: gjs libgjs0g

user535733

7/24/24, 6:38 PM

Exactly which CVE are you concerned about? Did you check the [Ubuntu CVE Tracker](https://ubuntu.com/security/cves) to see which version of OpenSSL 1.1.1 is appropriate, safe, and already-patched for you? 'Cause there is one.....

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to update from OpenSSL 1.1.1 to OpenSSL 3.0.9?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.