CVE-2024-5535 is a vulnerability in OpenSSL to do with NPN. OpenSSL say it's not a high priority, but they have patched it.
Unfortunately that patch hasn't made it to Ubuntu 22.04, and NIST have flagged the vulnerability as critical - 9.something. Which means any corporate users with security auditing have a problem - the auditors see the 9 and say "It must go".
Does anybody have any idea about what to do about this?
cheers,
clive
(struggling with security auditors)
Bookmarks