Open SSL vulnerability - version lower than 3.1.5

Forum|Forum|1 year ago
February 14, 2024
3 replies
4 views

Hi,

The previous thread https://community.zoom.com/t5/Meetings/OpenSSL-Vulnerability-Zoom-Meetings-uses-old-version-3-1-1/m-p/155540#M87488 has been marked as closed.

Please advise if there is an updated Zoom installer version available that includes OpenSSL version 3.1.5 or above?

Please would you let us have an eta?

Meeting Features

ZoomVA

Community Manager

@PaulB10000 The latest Zoom client utilizes security fixes addressed in OpenSSL 3.1.5 and is packaged with version 3.1.4. Since Microsoft Defender only detects OpenSSL 3.1.4 and not our custom fix, it outputs a warning. Once OpenSSL 3.1.5 is available as a stable release, Zoom plans to adopt this version into the Zoom apps and that change will be called out in our official release notes. Many thanks to @Bort for researching this internally.

B

BizD3v

Newcomer

Virginia, thank you for the info--knowing you have a custom patch in place provides some peace of mind.
And 3.1.5 has been stable for months, 3.1.6 is now stable for over a month. Zoom has done major updates, moving us all to your workplace. But if it continues to be months to years behind (this issue has been around that long, going back in my experience to at least 3.1), I'm going to have to remove Zoom from all our client systems. It simply represents too much custom work for our security folks to constantly make exceptions for your software.
Is there any plan to actually address this?

N

nathian

Newcomer

Hi @VA11_2 Has there been any update on this one?

N

nathian

Newcomer

@Bort Please can you give anymore info on the above?

Thanks