The upcoming Fedora 37 release is delayed further due to critical OpenSSL Vulnerability.
Fedora 37 is the upcoming final release of Fedora Linux this year. It was initially planned to be released on October 18, 2022. There were several bugs which affected its delay so far.
Now a critical security issue in OpenSSL delayed it further. It is now planned for November 15, 2022.
The OpenSSL Bug
The OpenSSL team announced in the mailing list that the fix for a critical issue is to be released on November 1, 2022, via OpenSSL v3.0.7. The nature or the details of the CVE (Common Vulnerabilities and Exposures) is currently unknown. Because the standard guideline for CVE fixes is to be corrected first before making the problem public, this is to prevent further exploitation of the security issue.
OpenSSL is a critical module for all Linux distributions. Many applications, web services, and infra services depend on it. The fedora team could not risk shipping Fedora 37 with a compromised OpenSSL version.
Once the OpenSSL fix is out, a considerable amount of impact analysis and testing is required for Fedora. Hence the current release date has shifted to November 15, 2022.
Delay in Fedora 37 and its impact
Fedora 37 is delayed 4th time with this schedule change, and it’s fine. It’s better to have a stable and secure Linux distro than a timely release. However, this Fedora 37 delay is due to an OpenSSL security issue. And we hope it’s the final delay in this release, and we will have a brand new Fedora 37 on Nov 15th.
Furthermore, the other distro versions, such as Ubuntu 22.10 and Ubuntu 22.04 LTS – are all likely running at the moment with a compromised OpenSSL version. So, they all need to work on their respective patch downstream once the fix is out on November 1st.
That said, if you want to try out Fedora 37, you can grab the BETA version today from the below link.
Fedora-Workstation-Live-x86_64-37_Beta.torrent (Torrent file)
The BETA is stable at the moment. If you are concerned about the OpenSSL incident, then refrain from using it until November 1st, 2022, especially if you use a remote desktop and similar connectivity over the internet.
In the meantime, check out my feature guide here if you want to learn more about Fedora 37 features.
Via Fedora Magazine