Two high severity vulnerabilities have been reported in OpenSSL this week. All versions of OpenSSL from 3.0.0 to 3.0.6 are affected. Both vulnerabilities are fixed in version 3.0.7.
We have patched every server that we manage. If you have any unmanaged Linux servers, patching is your responsibility. We recommend that you act as soon as possible.
Depending on your Linux distro, this can be a very simple job. If you are running the latest LTS version of Ubuntu (22.04) for example, you only need to run a standard package upgrade.
To learn more about the vulnerabilities themselves, see CVE-2022-3602 and CVE-2022-3786 on the OpenSSL Vulnerabilities page.
With Server Management you don’t need to lift a finger
Server Management proves its own worth in times like these. This is the second time this year (after PwnKit in January) that we’ve had all managed servers patched against a major vulnerability before we’ve even had time to blog about it.
When we say that Server Management includes active threat monitoring and fast response times, this is what we’re talking about. Our managed customers have been able to get on with doing what they do best today, rather than worrying about server security and system administration.
If you'd like to add more peace of mind to your hosting, we're always ready to talk about managing your servers.