Zoom 5.6.10 Vulnerabilities with OpenSSL .dll need version 3.1.5

I’ll believe it when I see it. Thanks for letting us know. :+1:

2 Likes

Great. I’ll have something to look forward to in 2028.

1 Like

At this rate the fix will probably ship as soon as OpenSSL 3 goes end of life and 4 becomes the standard :joy:

Running Zoom 6.0.10.39647 and it’s now OpenSSL 3.1.5
Check release notes for May 20, 2024 version 6.0.10 (39171)

Zoom has only got CVE-2024-4603 and CVE-2024-2511 against it now until they increase the dependency.

1 Like

We are now removing zoom client from our estate of nearly 30,000 machines as your responses are far from satisfactory e.g. commentary/acknowledgement on the cve and time to remediate.

1 Like

6 weeks after Dante’s post and still no 6.1 release. looks like Zoom wants to wait to make sure we get something nice for Xmas instead :rofl:

i wonder how many people that have posted in this thread are at a different job/role right now compared to when they first posted.

it won’t be too long before someone makes a post in here asking for this to be fixed for the 3rd company/job they’re at where this still remains an issue.

1 Like

@donte.zoom - Please could you provide an update as to why the resolves haven’t been rolled out as promised in 6.1 today

1 Like

Anything? Anything at all?

Hello all, I have shared your concerns and am waiting for a response.

Please fix your dependent libraries. The openssl vulnerabilities are consistently at the top of the list of addressable items.

4 Likes

Zoom: This is unacceptable. It’s been many months now. Either fix it or explain the hold up!

3 Likes

28 Days Later

Great film….but that’s the time we’ve waited for a reply

2 Likes

can’t even post replies to keep it live as they limit us to 3 posts per thread within a certain time frame

Even a fresh installation of version 5.17.1 (28914) still includes the outdated OpenSSL 3.1.1.0 binaries.

Still waiting on an update on progress here.

1 Like

Hi All,

Please upgrade to Zoom client version 6.1.0 or higher. We upgraded to OpenSSL library 3.1.5 in May so OpenSSL is no longer an issue.

Similarly client version 6.1.0 and up avoids CVE-2023-5678. On the other hand, I have confirmed with security engineering that CVE-2024-2511 and CVE-2024-4603 have no impact on the Zoom client, but am looking into a formal communications response to provide more clarity for client users.

2 Likes

The issue persists even after updating to version 6.1.6 !!!

1 Like

Hi @mohhusr which specifically is the issue for you? OpenSSL or CVE?

OpenSSL, the below files are vulnerable

c:\program files\zoom\bin\libcrypto-3-zm.dll

c:\program files\zoom\bin\libssl-3-zm.dll
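
For anyone verifying this finding on their own endpoints, the following is an added example (not from any poster in this thread and not Zoom's tooling) that reads the version resource of the two DLLs named above and compares it with 3.1.5. It assumes the DLL file version mirrors the bundled OpenSSL version, as the "3.1.1.0" report earlier in the thread suggests, and that per-user installs live under `AppData\Roaming\Zoom\bin`; both are assumptions to confirm in your environment.

```powershell
# Minimum OpenSSL version the thread treats as remediated.
$MinVersion = [version]'3.1.5'

# DLL names and the machine-wide path come from the thread.
$DllNames = 'libcrypto-3-zm.dll', 'libssl-3-zm.dll'
$BinDirs  = @("$env:ProgramFiles\Zoom\bin")

# Assumption: per-user installs place the same DLLs under each profile.
$BinDirs += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Zoom\bin' }

$results = foreach ($dir in $BinDirs) {
    foreach ($name in $DllNames) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $info = (Get-Item -LiteralPath $path).VersionInfo

        if ([string]::IsNullOrWhiteSpace($info.FileVersion)) {
            # No version resource: do not report it as outdated or as fixed.
            $found  = $null
            $status = 'UNKNOWN'
        } else {
            # Use the numeric parts so "3.1.1.0" and "3.1.5" compare correctly.
            $found  = [version]::new($info.FileMajorPart,
                                     $info.FileMinorPart,
                                     $info.FileBuildPart)
            $status = if ($found -ge $MinVersion) { 'OK' } else { 'OUTDATED' }
        }

        [pscustomobject]@{
            Path           = $path
            OpenSSLVersion = $found
            Status         = $status
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit lets a compliance job flag the host.
if ($results.Status -contains 'OUTDATED') { exit 1 }
```

Run it elevated if other users' profiles need to be read; copies under profiles the account cannot access are silently skipped.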