For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
Jul 07, 2022

thanks for your kind attention

I saw this document

but Development of versions prior to 1.1.0 is discontinued

our device using 1.0.2. so I curious 

is 1.0.2 version safe from this vulnerable?

Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Jul 07, 2022

Hi neeeewbie,

OpenSSL Security Advisory [5 July 2022]
=======================================

Heap memory corruption with RSA private key operation (CVE-2022-2274)
=====================================================================
...
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
...


AES OCB fails to encrypt some bytes (CVE-2022-2097)
===================================================
...
This issue affects versions 1.1.1 and 3.0.  It was addressed in the
releases of 1.1.1q and 3.0.5 on the 5th July 2022.
...

 https://www.openssl.org/news/secadv/20220705.txt

  • neeeewbie's avatar
    neeeewbie
    Icon for MVP rankMVP
    Jul 07, 2022

    thank you!

    I saw this news.

    this openssl vesion safe from 2274

    do you know f5 safe from 2097?