Severely outdated, vulnerable openssl libraries in Framemaker

Question

For several months now, I am increasingly urged by our IT security/compliance team to update vulnerable openssl libraries belonging to FrameMaker (i.e. libcrypto-3-x64.dll and libssl-3-x64.dll being vulnerable to CVE-2024-12797, CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143).

Updating to the latest 17.0.8 release does not solve the issue, as the outdated and vulnerable SSL libraries are included in there.

This leads me to the following questions:

When will Adobe provide patched SSL libraries for FrameMaker?
Can I use newer SSL libraries (e.g. those included in latest Adobe Reader) as a (temporary) replacement?

Thanks.

Jeff_Coatsworth · Answer

Who knows? Not us - we’re all users just like you. You need to ping the FM folk directly - try tcssup@adobe.comand let us know what they say. Frankly, I’ve never heard of any attack on FM itself - maybe the HTML5 output, but not FM itself.Maybe - back up the existing ones and try it out & report back.

Anmelden

Login über soziales Netzwerk

Willkommen

Login über soziales Netzwerk

Scanne Datei nach Viren

Diese Datei kann nicht heruntergeladen werden