Emergency Fix for OpenSSL
Mark Cox of the OpenSSL project team has announced a pending OpenSSL release. Versions 1.0.2d and 1.0.1p will appear on July 9. The brief letter on the OpenSSL list says the update will fix a “single security issue classified as high severity.” The security problem apparently does not affect OpenSSL versions 1.0.0 or 0.9.8, but users of other OpenSSL versions should prepare to upgrade as soon as the fix is available.
The OpenSSL team does not give a clue about what the problem might be, other than to say it is at the “high” severity level. The mysterious absence of detail is apparently intended to prevent an attacker from exploiting the problem before a fix is available. The unusual nature of the preliminary announcement indicates the OpenSSL team sees some urgency with this problem and wants users to be ready to apply the fix right away.