OpenSSL preps fix for high impact vulnerability

M

Mihir :-)

Thread author
Sysadmins, brace yourselves: OpenSSL has announced upcoming security fixes will fix a “high” impact flaw.

Every OpenSSL release since the infamous Heartbleed vulnerability1 of April 2014 has been met with nervous anticipation, and that applies as much to the upcoming 1.0.2h, 1.0.1t releases as others before it.

The last major flare-up on this front coincided with the DROWN vulnerability, which emerged in early March.

The forthcoming OpenSSL releases, due out next Tuesday, are not accompanied by a logo or a catchy title, de rigueur for serious vulnerabilities for the last two years or so.

This is a good thing.

Experts are nonetheless jokingly being advised to change their passwords and stock up on beans… just in case.

Bugnote
1The Heartbleed bug meant attackers could read the memory of the systems protected by the vulnerable versions of OpenSSL. Anything in memory – SSL private keys, user passwords, and more – were at risk of theft as a result.
 
  • Like
Reactions: _CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Good to hear, but I wonder why it has taken so long, I had not herd any more of the Heartbleed problem for so long that I assumed it was dealt with.
I guess all the Ransomeware news could have pushed it out of the spotlight.
Another good share, Thanks Mihir
PeAcE
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top