Zoom 5.6.10 Vulnerabilities with OpenSSL .dll need version 3.1.5

ziPRR · May 3, 2024, 5:33pm

I’ll believe it when I see it. Thanks for letting us know.

stopwritingshit · May 10, 2024, 4:09am

Great. I’ll have something to look forward to in 2028.

zoomuser-16 · May 15, 2024, 1:30pm

At this rate the fix will probably ship as soon as OpenSSL 3 goes end of life and 4 becomes the standard

HelpdeskLCC · May 21, 2024, 1:12am

Running Zoom 6.0.10.39647 and it’s now OpenSSL 3.1.5
Check release notes for May 20, 2024 version 6.0.10 (39171)

Zoom has only got CVE-2024-4603 and CVE-2024-2511 against it now until they increase the dependency.

danielpalmer · May 30, 2024, 1:39pm

We are now removing zoom client from our estate of nearly 30,000 machines as your responses are far from satisfactory e.g. commentry/acknowledgement on the cve and time to remmediate.

zoomuser-16 · June 13, 2024, 1:23pm

6 weeks after Dante’s post and still no 6.1 release. looks like Zoom wants to wait to make sure we get something nice for Xmas instead

i wonder how many people that have posted in this thread are at a different job/role right now compared to when they first posted.

it won’t be too long before someone makes a post in here asking for this to be fixed for the 3rd company/job they’re at where this still remains an issue.

pbow · June 17, 2024, 5:33pm

@donte.zoom - Please could you provide an update as to why the resolves haven’t been rolled out as promised in 6.1 today

pbow · June 27, 2024, 10:01pm

Anything? Anything at all?

gianni.zoom · July 3, 2024, 7:20pm

Hello all, I have shared your concerns and am waiting for a response.

stopwritingshit · July 5, 2024, 3:24am

Please fix your dependent libraries. The openssl vulnerabilities are consistently at the top of the list of addressable items.

TechNash · July 7, 2024, 9:06pm

Zoom: This is unacceptable. It’s been many months now. Either fix it or explain the hold up!

pbow · July 31, 2024, 7:25pm

28 Days Later

Great film….but thats the time we’ve waited for a reply

zoomuser-16 · August 5, 2024, 3:19pm

can’t even post replies to keep it live as they limit us to 3 posts per thread within a certain time frame

scootmcnairy85 · August 8, 2024, 12:41pm

Even a fresh installation of version 5.17.1 (28914) still includes the outdated OpenSSL 3.1.1.0 binaries.

stopwritingshit · August 14, 2024, 4:33am

Still waiting on an update on progress here.

gianni.zoom · August 14, 2024, 7:03pm

Hi All,

Please upgrade to Zoom client version client version 6.1.0 or higher. We upgraded to openSSL library 3.1.5 in May so openSSL is no longer an issue.

Similarly client version 6.1.0 and up avoids CVE-2023-5678. On the other hand, I have confirmed with security engineering that CVE-2024-2511 and CVE-2024-4603 have no impact on the Zoom client, but am looking into a formal communications response to provide more clarity for client users.

mohhusr · August 20, 2024, 12:41pm

The issue persists even after updating to version 6.1.6 !!!

gianni.zoom · August 20, 2024, 3:17pm

Hi @mohhusr which specifically is the issue for you? OpenSSL or CVE?

mohhusr · August 22, 2024, 7:46am

OpenSSL , the below files vulnerable

c:\program files\zoom\bin\libcrypto-3-zm.dll

c:\program files\zoom\bin\libssl-3-zm.dll

Topic		Replies	Views
Library flaws reported within your Android SDK Android	5	821	April 3, 2022
Error code: 105035 when sharing on Windows v4.6.15074.0203 Windows	11	17195	June 27, 2020
Zcscpthoset.exe - System Error Cmmlib.dll is missing Windows	10	4194	August 21, 2020
OWASP secure for mac Zoom Apps	1	221	April 21, 2023
Windows Zoom SDK: LNK2001 on DuiLib64, even when linker is correct Windows video-sdk	11	254	April 4, 2024

Zoom 5.6.10 Vulnerabilities with OpenSSL .dll need version 3.1.5

Related Topics