CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates

It’s not a habit to alert for every security thingy, because we’re not a special interest group for IT security. However, we do host our own infrastructure with user data. So it’s good to inform each other when there are serious threats out there.

There was of course already CVE-2022-0847, I didn’t create an alert for that, because it’s only locally exploitable. Of course, if you don’t fully trust users on your system, it becomes a different story. Nonetheless, always keep up with system updates.

But the one behind the reason I created this topic is remotely exploitable, CVE-2022-0778 could potentially crash servers running an outdated openssl. tzmc1 is already up2date. Tagging the @it-team to notify them of this issue as well.