Batten down the hatches! OpenSSL preps fix for high impact vuln

Disappointingly, there's no snazzy name or logo with this one. Which is actually good

Sysadmins, brace yourselves: OpenSSL has announced that upcoming security fixes will address a “high” impact flaw.

Every OpenSSL release since the infamous Heartbleed vulnerability [1] of April 2014 has been met with nervous anticipation, and that applies as much to the upcoming 1.0.2h and 1.0.1t releases as to others before them.

The last major flare-up on this front coincided with the DROWN vulnerability, which emerged in early March.

The forthcoming OpenSSL releases, due out next Tuesday, are not accompanied by a logo or a catchy title, de rigueur for serious vulnerabilities for the last two years or so.

This is a good thing.

Experts are nonetheless jokingly being advised to change their passwords and stock up on beans… just in case.

Bugnote

[1] The Heartbleed bug meant attackers could read the memory of the systems protected by the vulnerable versions of OpenSSL. Anything in memory – SSL private keys, user passwords, and more – was at risk of theft as a result.
