Emergency Fix for OpenSSL

By

New release of the network encryption toolkit and library will appear on July 9

Mark Cox of the OpenSSL project team has announced a pending OpenSSL release. Versions 1.0.2d and 1.0.1p will appear on July 9. The brief letter on the OpenSSL list says the update will fix a “single security issue classified as high severity.” The security problem apparently does not affect OpenSSL versions 1.0.0 or 0.9.8, but users of other OpenSSL versions should prepare to upgrade as soon as the fix is available.

The OpenSSL team does not give a clue about what the problem might be, other than to say it is at the “high” severity level. The mysterious absence of detail is apparently intended to prevent an attacker from exploiting the problem before a fix is available. The unusual nature of the preliminary announcement indicates the OpenSSL team sees some urgency with this problem and wants users to be ready to apply the fix right away.

07/07/2015

Related content

comments powered by Disqus