Fedora 37 postponed for two weeks due to a critical vulnerability in OpenSSL

Developers of the Fedora announced about the transfer of the release of fedora 37 to 15 to 15 to 15 to 15 On November, due to the need to eliminate critical vulnerability in the OpenSSL library. Since data on the essence of vulnerability will be disclosed only on November 1 and it is not clear how long it will take to implement protection in the distribution, it was decided to postpone the release for 2 weeks. This is not the first postponement-initially the release of Fedora 37 expected October 18, on October 18, But twice was postponed (on October 25 and November 1) of their non-fulfillment of quality criteria.

Currently, in the final test assemblies remain incorporate 3 Problems , which are attributed to blocking the release of the release . In addition to need eliminating vulnerability in opensl, mentions calling Kwin composite manager when starting the KDE Plasma session when setting the Nomodeset mode (basic graphics) in UEFI and freezing GNOME-CALENDAR application when editing repeating events.

Critical vulnerability to Opensl affects only the branch 3.0.x, the issues of 1.1.1x vulnerabilities not Explored . Vulnerability is assigned to the category of critical, the details are not yet reported, but in terms of danger the problem is close to the sensational vulnerability of Heartbleed. The critical level of danger implies the possibility of a remote attack on typical configurations. Critical problems can be attributed to remote leaks of the contents of the server memory, performing the attacking code or compromise of server closed keys. Correction of Openssl 3.0.7 with the elimination of the problem and information about the essence of the vulnerability will be published 1 November.

/Media reports.