OpenSSL/Kernel Security Update (MINDBREEZE25384)

ID: MINDBREEZE25384 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.5 High 
Status: Final 
First published: November 30, 2022 
CVEs: CVE-2022-3786, CVE-2022-3602, CVE-2022-3435 

Summary 

• OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602) 
• OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) 
• kernel: Out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435) 

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 22.2 HF2 Release (Version 22.2.2.811) 

• Mindbreeze InSpire SaaS 22.2 HF2 Release (Version 22.2.2.811)