Emergency Fix for OpenSSL
Mark Cox of the OpenSSL project team has announced a pending OpenSSL release. Versions 1.0.2d and 1.0.1p will appear on July 9. The brief letter on the OpenSSL list says the update will fix a “single security issue classified as high severity.” The security problem apparently does not affect OpenSSL versions 1.0.0 or 0.9.8, but users of other OpenSSL versions should prepare to upgrade as soon as the fix is available.
The OpenSSL team does not give a clue about what the problem might be, other than to say it is at the “high” severity level. The mysterious absence of detail is apparently intended to prevent an attacker from exploiting the problem before a fix is available. The unusual nature of the preliminary announcement indicates the OpenSSL team sees some urgency with this problem and wants users to be ready to apply the fix right away.
Related content
- OpenSSL 3.0.7 Patches Serious Vulnerabilities
-
Security after Heartbleed – OpenSSL and its alternatives
The Heartbleed bug shocked the security community and seriously damaged the reputation of OpenSSL. Luckily, alternatives such as LibreSSL, PolarSSL, and GnuTLS are waiting in the wings. -
News for Admins
News for system administrators around the world.
-
News for Admins
OpenSSL has issued an advisory (https://www.openssl.org/news/secadv/20221101.txt) relating to two vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which affect OpenSSL version 3.0.0.
- Google Forks OpenSSL