News for Admins
Tech News
OpenSSL 3.0.7 Patches Serious Vulnerabilities
OpenSSL has issued an advisory (https://www.openssl.org/news/secadv/20221101.txt) relating to two vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which affect OpenSSL version 3.0.0. These vulnerabilities have been addressed with the release of OpenSSL 3.0.7, so users should update now.
"Users of OpenSSL 3.0.0--3.0.6 are encouraged to upgrade to 3.0.7 as soon as possible. If you obtain your copy of OpenSSL from your operating system vendor or other third party then you should seek to obtain an updated version from them as soon as possible," the OpenSSL team says (https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/).
In a previous announcement (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html), these vulnerabilities were described as "critical" – possibly leading to remote code execution. However, the OpenSSL project team has since downgraded the threats to "high," saying they "are not aware of any working exploit that could lead to remote code execution" and have no evidence of the vulnerabilities being exploited at this time.
IBM Introduces Diamondback Tape Library
IBM recently introduced the Diamondback Tape Library, "a high-density archival storage solution that is physically air-gapped to help protect against ransomware and other cyber threats in hybrid cloud environments."
The Diamondback Tape Library (
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- OpenSSL 3.0.7 Patches Serious Vulnerabilities
- High-Severity OpenSSL Security Advisory Released
- Hackers Weaponize Open Source Software in Targeted Phishing Attempts
- Google Announces TensorStore for High-Performance Array Storage
-
Security after Heartbleed – OpenSSL and its alternatives
The Heartbleed bug shocked the security community and seriously damaged the reputation of OpenSSL. Luckily, alternatives such as LibreSSL, PolarSSL, and GnuTLS are waiting in the wings.