{"id":2130,"date":"2023-08-31T11:42:54","date_gmt":"2023-08-31T09:42:54","guid":{"rendered":"https:\/\/jbc-software.ch\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/"},"modified":"2023-08-31T11:49:33","modified_gmt":"2023-08-31T09:49:33","slug":"openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions","status":"publish","type":"post","link":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/","title":{"rendered":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions."},"content":{"rendered":"\n<p>New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL version has been replaced by versions in which the bugs have been fixed. jbc.FTX uses OpenSSL Version 1.1.1v and 3.0.10 now.<\/p>\n\n<p>These vulnerabilites have been adressed (you also find a full list at<a href=\"https:\/\/www.openssl.org\/news\/vulnerabilities-3.0.html\">\/news\/vulnerabilities-3.0.html (openssl.org))<\/a>:<\/p>\n\n<p><strong>3.0.8<\/strong><br\/>CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow [Moderate severity] 07 February 2023<br\/>CVE-2022-4304 Timing Oracle in RSA Decryption [Moderate severity] 07 February 2023<br\/>CVE-2022-4450 Double free after calling PEM_read_bio_ex [Moderate severity] 07 February 2023<br\/>CVE-2023-0215 Use-after-free following BIO_new_NDEF [Moderate severity] 07 February 2023<br\/>CVE-2023-0216 Invalid pointer dereference in d2i_PKCS7 functions [Moderate severity] 07 February 2023<br\/>CVE-2023-0217 NULL dereference validating DSA public key [Moderate severity] 07 February 2023<br\/>CVE-2023-0286 X.400 address type confusion in X.509 GeneralName [High severity] 07 February 2023<br\/>CVE-2023-0401 NULL dereference during PKCS7 data verification [Moderate severity] 07 February 2023<\/p>\n\n<p><strong>3.0.9<\/strong><br\/>CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints [Low severity] 21 March 2023<br\/>CVE-2023-0466 Certificate policy check not enabled [Low severity] 21 March 2023<br\/>CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM [Low severity] 21 March 2023<br\/>CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored [Low severity] 23 March 2023<br\/>CVE-2023-2650 Possible DoS translating ASN.1 object identifiers [Moderate severity] 30 May 2023<\/p>\n\n<p><strong>3.0.10<\/strong><br\/>CVE-2023-2975 AES-SIV implementation ignores empty associated data entries [Low severity] 07 July 2023<br\/>CVE-2023-3446 Excessive time spent checking DH keys and parameters [Low severity] 13 July 2023<br\/>CVE-2023-3817 Excessive time spent checking DH q parameter value [Low severity] 31 July 2023<\/p>\n\n<p>Updaing to OpenSSL 1.1.1v adressed these vulnerabilities (also listed at <a href=\"https:\/\/www.openssl.org\/news\/vulnerabilities-1.1.1.html\">\/news\/vulnerabilities-1.1.1.html (openssl.org)<\/a>):<\/p>\n\n<p><strong>1.1.1t<\/strong><br\/>CVE-2022-4304 Timing Oracle in RSA Decryption [Moderate severity] 07 February 2023<br\/>CVE-2022-4450 Double free after calling PEM_read_bio_ex [Moderate severity] 07 February 2023<br\/>CVE-2023-0215 Use-after-free following BIO_new_NDEF [Moderate severity] 07 February 2023<br\/>CVE-2023-0286 X.400 address type confusion in X.509 GeneralName [High severity] 07 February 2023<\/p>\n\n<p><strong>1.1.1u<\/strong><br\/>CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints [Low severity] 21 March 2023<br\/>CVE-2023-0466 Certificate policy check not enabled [Low severity] 21 March 2023<br\/>CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored [Low severity] 23 March 2023<br\/>CVE-2023-2650 Possible DoS translating ASN.1 object identifiers [Moderate severity] 30 May 2023<\/p>\n\n<p><strong>1.1.1v<\/strong><br\/>CVE-2023-3446 Excessive time spent checking DH keys and parameters [Low severity] 13 July 2023<br\/>CVE-2023-3817 Excessive time spent checking DH q parameter value [Low severity] 31 July 2023<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL version has been replaced by versions in which the bugs have been fixed. jbc.FTX uses OpenSSL Version 1.1.1v and 3.0.10 now. These vulnerabilites have been adressed (you also find a full list at\/news\/vulnerabilities-3.0.html (openssl.org)): 3.0.8CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow [Moderate severity] [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[51,57],"tags":[],"class_list":["post-2130","post","type-post","status-publish","format-standard","hentry","category-ftx-en","category-ftx-api-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions. | jbc software<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions.\" \/>\n<meta property=\"og:description\" content=\"New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL version has been replaced by versions in which the bugs have been fixed. jbc.FTX uses OpenSSL Version 1.1.1v and 3.0.10 now. These vulnerabilites have been adressed (you also find a full list at\/news\/vulnerabilities-3.0.html (openssl.org)): 3.0.8CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow [Moderate severity] [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/\" \/>\n<meta property=\"og:site_name\" content=\"jbc software\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-31T09:42:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-31T09:49:33+00:00\" \/>\n<meta name=\"author\" content=\"Jakob Braendle\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jakob Braendle\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/\"},\"author\":{\"name\":\"Jakob Braendle\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#\\\/schema\\\/person\\\/e16ef3ef30e540e52e59abbc01242074\"},\"headline\":\"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions.\",\"datePublished\":\"2023-08-31T09:42:54+00:00\",\"dateModified\":\"2023-08-31T09:49:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/\"},\"wordCount\":392,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#organization\"},\"articleSection\":[\"FTX\",\"FTX API\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/\",\"url\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/\",\"name\":\"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions. | jbc software\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#website\"},\"datePublished\":\"2023-08-31T09:42:54+00:00\",\"dateModified\":\"2023-08-31T09:49:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/start\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/\",\"name\":\"jbc software\",\"description\":\"Sichere Kommunikation zwischen Banken\",\"publisher\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#organization\",\"name\":\"jbc software\",\"url\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/jbc-software.ch\\\/wp-content\\\/uploads\\\/jbc-software-Logo.svg\",\"contentUrl\":\"https:\\\/\\\/jbc-software.ch\\\/wp-content\\\/uploads\\\/jbc-software-Logo.svg\",\"width\":1325,\"height\":422,\"caption\":\"jbc software\"},\"image\":{\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/#\\\/schema\\\/person\\\/e16ef3ef30e540e52e59abbc01242074\",\"name\":\"Jakob Braendle\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g\",\"caption\":\"Jakob Braendle\"},\"url\":\"https:\\\/\\\/jbc-software.ch\\\/en\\\/blog\\\/author\\\/jakob-braendle\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions. | jbc software","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/","og_locale":"en_US","og_type":"article","og_title":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions.","og_description":"New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL version has been replaced by versions in which the bugs have been fixed. jbc.FTX uses OpenSSL Version 1.1.1v and 3.0.10 now. These vulnerabilites have been adressed (you also find a full list at\/news\/vulnerabilities-3.0.html (openssl.org)): 3.0.8CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow [Moderate severity] [&hellip;]","og_url":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/","og_site_name":"jbc software","article_published_time":"2023-08-31T09:42:54+00:00","article_modified_time":"2023-08-31T09:49:33+00:00","author":"Jakob Braendle","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jakob Braendle","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/#article","isPartOf":{"@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/"},"author":{"name":"Jakob Braendle","@id":"https:\/\/jbc-software.ch\/en\/#\/schema\/person\/e16ef3ef30e540e52e59abbc01242074"},"headline":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions.","datePublished":"2023-08-31T09:42:54+00:00","dateModified":"2023-08-31T09:49:33+00:00","mainEntityOfPage":{"@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/"},"wordCount":392,"commentCount":0,"publisher":{"@id":"https:\/\/jbc-software.ch\/en\/#organization"},"articleSection":["FTX","FTX API"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/","url":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/","name":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions. | jbc software","isPartOf":{"@id":"https:\/\/jbc-software.ch\/en\/#website"},"datePublished":"2023-08-31T09:42:54+00:00","dateModified":"2023-08-31T09:49:33+00:00","breadcrumb":{"@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jbc-software.ch\/en\/blog\/openssl-in-jbc-ftx-and-jbc-ftx-api-are-updated-to-the-latest-versions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/jbc-software.ch\/en\/start\/"},{"@type":"ListItem","position":2,"name":"OpenSSL in jbc.FTX and jbc.FTX API are updated to the latest versions."}]},{"@type":"WebSite","@id":"https:\/\/jbc-software.ch\/en\/#website","url":"https:\/\/jbc-software.ch\/en\/","name":"jbc software","description":"Sichere Kommunikation zwischen Banken","publisher":{"@id":"https:\/\/jbc-software.ch\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jbc-software.ch\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jbc-software.ch\/en\/#organization","name":"jbc software","url":"https:\/\/jbc-software.ch\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jbc-software.ch\/en\/#\/schema\/logo\/image\/","url":"https:\/\/jbc-software.ch\/wp-content\/uploads\/jbc-software-Logo.svg","contentUrl":"https:\/\/jbc-software.ch\/wp-content\/uploads\/jbc-software-Logo.svg","width":1325,"height":422,"caption":"jbc software"},"image":{"@id":"https:\/\/jbc-software.ch\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jbc-software.ch\/en\/#\/schema\/person\/e16ef3ef30e540e52e59abbc01242074","name":"Jakob Braendle","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ee0e2d5497020b3a855ef47e54706df3f598c9a70e9aadd64728321f4663326d?s=96&d=mm&r=g","caption":"Jakob Braendle"},"url":"https:\/\/jbc-software.ch\/en\/blog\/author\/jakob-braendle\/"}]}},"_links":{"self":[{"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/posts\/2130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/comments?post=2130"}],"version-history":[{"count":2,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/posts\/2130\/revisions"}],"predecessor-version":[{"id":2133,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/posts\/2130\/revisions\/2133"}],"wp:attachment":[{"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/media?parent=2130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/categories?post=2130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jbc-software.ch\/en\/wp-json\/wp\/v2\/tags?post=2130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}