Critical OpenSSL vulnerability severely delays Fedora Linux 37
Fedora 37 was due to be released before the end of October, but if you expected to have the Linux-based operating system by Halloween, you will be very disappointed. You see, due to a critical bug in OpenSSL, the Fedora developers are halting the release until November 15 at the earliest.
The patched version of OpenSSL will come out on November 1, so the developers are targeting November 15 as a realistic date to have Fedora 37 tested and ready to go. Of course, it could end up being even later than that.
Ben Cotton, Fedora Program Manager, published a blog post about the delay. We share the most pertinent part of his statement below.
Fedora Linux 37 is going to be late; very late. Here’s why. As you may have heard, the OpenSSL project announced a version due to be released on Tuesday. It will include a fix for a critical-severity bug. We won’t know the specifics of the issue until Tuesday’s release, but it could be significant. As a result, we decided to delay the release of Fedora Linux 37. We are now targeting a release day of 15 November.
Most decisions happen with imperfect information. This one is particularly imperfect. If you’re not familiar with the embargo process, you might not understand why. When a security issue is discovered, this information is often shared with the project confidentially. This allows the developers to fix the issue before more people know about it and can exploit it. Projects then share information with downstreams so they can be ready.
Ironically, Fedora’s openness means we can’t start preparing ahead of time. All of our build pipelines and artifacts are open. If we were to start building updates, this would disclose the vulnerability before the embargo lifts. As a result, we only know that OpenSSL considers this the highest level of severity and Red Hat’s Product Security team strongly recommended we wait for a fix before releasing Fedora Linux 37.
What do you think about Fedora 37 being delayed? Did the developers make the correct decision? Are you happy they are being open and honest with the Fedora community? Please tell us in the comments below.