[Vulnerability] OpenSSL 3.2.0 < 3.2.4 Vulnerability #67013

Open
2 tasks done
SaherH opened this issue Oct 30, 2024 · 0 comments
Labels: Bug (broken, incorrect, or confusing behavior), needs-triage

SaherH commented Oct 30, 2024

Description
Vulnerable libcrypto in /opt/saltstack is being reported by the Nessus scanner.

Plugin ID: 209153
CVE: CVE-2024-9143
CVSS: 8.8
Risk: High
Name: OpenSSL 3.2.0 < 3.2.4 Vulnerability
Solution: Upgrade to OpenSSL version 3.2.4 or later.
Plugin Output:
Path : /opt/saltstack/salt/lib/libcrypto.so.3
Reported version : 3.2.2
Fixed version : 3.2.4

https://www.tenable.com/plugins/nessus/209153
https://www.cve.org/CVERecord?id=CVE-2024-9143

Setup

  • VM (VirtualBox)
  • onedir packaging

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
          Salt: 3006.9
 
Python Version:
        Python: 3.10.14 (main, Jun 26 2024, 11:44:37) [GCC 11.2.0]
 
Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
  cryptography: 42.0.5
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: Not Installed
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: Not Installed
  python-gnupg: 0.4.8
        PyYAML: 6.0.1
         PyZMQ: 23.2.0
        relenv: 0.17.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4
 
System Versions:
          dist: rocky 8.10 Green Obsidian
        locale: utf-8
       machine: x86_64
       release: 4.18.0-553.16.1.el8_10.x86_64
        system: Linux
       version: Rocky Linux 8.10 Green Obsidian
 
SaherH added the Bug (broken, incorrect, or confusing behavior) and needs-triage labels Oct 30, 2024
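To confirm a finding like the one reported above without re-running the scanner, the version banner embedded in the bundled libcrypto can be read directly and compared with the plugin's range (3.2.0 up to, but not including, 3.2.4). This is an added example, not code from Salt, relenv or Tenable; the function names and the sample bytes are constructed for illustration, and it checks the version banner only.

```python
import re
import sys

# Range stated by the Nessus plugin quoted in this issue (CVE-2024-9143).
AFFECTED_FROM = (3, 2, 0)
FIXED_IN = (3, 2, 4)

# libcrypto embeds a release banner such as b"OpenSSL 3.2.2 4 Jun 2024".
# Requiring the trailing date avoids matching version text in other strings;
# pre-release builds (e.g. "3.2.4-dev") deliberately do not match.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+) +\d{1,2} [A-Z][a-z]{2} \d{4}")

# Constructed sample: a few bytes shaped like part of a shared object.
SAMPLE = b"\x7fELF\x02\x01\x01\x00compiler: gcc\x00OpenSSL 3.2.2 4 Jun 2024\x00built on: ...\x00"


def banner_versions(blob: bytes) -> set:
    """Return every (major, minor, patch) found in an OpenSSL release banner."""
    return {tuple(int(g) for g in m.groups()) for m in BANNER.finditer(blob)}


def assess(blob: bytes) -> str:
    """Classify a library image against the plugin's version range."""
    versions = banner_versions(blob)
    if not versions:
        return "unknown"        # stripped, pre-release, or not OpenSSL
    if len(versions) > 1:
        return "ambiguous"      # more than one banner: inspect by hand
    (version,) = versions
    if AFFECTED_FROM <= version < FIXED_IN:
        return "affected"
    # Outside this plugin's 3.2.x range only; other branches have their own ranges.
    return "outside-range"


def assess_file(path: str) -> str:
    """Read a library from disk, e.g. /opt/saltstack/salt/lib/libcrypto.so.3."""
    with open(path, "rb") as fh:
        return assess(fh.read())


if __name__ == "__main__":
    for lib in sys.argv[1:]:
        print(f"{lib}: {assess_file(lib)}")
    if len(sys.argv) == 1:
        print(f"constructed sample: {assess(SAMPLE)}")
```

Run it with the library path from the plugin output as the argument; after an upgrade of the onedir package, the same check shows whether the bundled library has moved past the fixed version.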