Looks like many people who are on LTS releases have dodged a bullet with the new OpenSSL vulnerability. The vulnerability reportedly only affect version 3+ of OpenSSL. Many LTS releases are on 1.1.1 and not affected.
OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC. Does not affect versions before 3.0. https://t.co/jIRQhx0nCr
— Mark J Cox (infosec.exchange/@iamamoose) (@iamamoose) October 25, 2022