OpenSSL flaw should be patched today

@ 2022/11/02
Highest severity issue, could be the next heartbleed

A critical vulnerability in the OpenSSL open source cryptography library, is set to be patched this afternoon (Tuesday 1 November).

The OpenSSL project underlies the majority of encryption across the internet kept quiet about the flaw and just said in October that version 3.0.7 should be installed as soon as it becomes available.

The last such release took place in 2016 and appears to be to do with the critical vulnerability found in the component since the project starting tracking such things in the wake of Heartbleed.

For those who came in late, Heartbleed is a coding flaw that could allow an attacker to repeatedly get at unecrypted data from the memory of systems using vulnerable versions of OpenSSL, and it shook the industry to its foundations when it was made public in April 2014.

No comments available.