Due to an OpenSSL vulnerability, Fedora Linux 37 has been postponed with a new release date.
The postponement of Fedora’s releases is not something new that can surprise the devotees of this popular Linux distro. But, unfortunately, when it comes to Fedora, this has gone from episodic to more of a pattern.
The story is nearly identical to that of Fedora 36, which was released about six months ago and was delayed twice before arriving almost a month later than the initially planned date.
While some GNOME components caused the delay, it is now due to an identified and unpatched OpenSSL vulnerability. Here’s what it’s all about.
The OpenSSL developers have identified a critical vulnerability in the current version of the OpenSSL library. But, of course, they do not provide any extra details to prevent malicious exploitation until it is patched.
Therefore, the Fedora developers have no further information on the nature of the problem. And here comes an important point that we should mention.
Fedora, despite being community-driven, is at the same time a company-backed Linux distro guided in its decisions by the policies of its parent company, Red Hat. And it appears that the parent company’s decision to delay the release of Fedora 37 was decisive in this case.
As a result, we only know that OpenSSL considers this the highest level of severity, and Red Hat’s Product Security team strongly recommended we wait for a fix before releasing Fedora Linux 37.Ben Cotton, Fedora Program Manager
So, Fedora 37’s first target date was October 25, with a backup date of November 1. However, the first date has passed, and the second will not be met because the patched 3.0.7 version of the OpenSSL library addressing the critical security vulnerability is expected to be released on November 1.
With all that said, we now have a third consecutive date scheduled: November 15, when the Fedora 37 release should finally happen.
Of course, the Fedora 37 Release Party scheduled for the end of next week will also be postponed. However, there are more important things in this case.
According to my understanding, the discovered OpenSSL vulnerability also affects the current Fedora 36 release, which uses OpenSSL 3.0.5. However, this is about more than just Fedora. We’re talking about an issue that affects every Linux distro out there.
In light of this, Red Hat’s decision to postpone the release of Fedora 37 until November 15 is somewhat controversial, but the parent company appears to have decided to put security first.
In conclusion, one thing is sure: Fedora users anticipating version 37 will have to wait a little longer before enjoying the new GNOME 43, which is its main novelty.
You can read the official announcement for more information on the reasons for the Fedora 37 release delay.