The OpenSSL Project Team announced in an advisory published on Monday that new versions of OpenSSL will be released on Thursday to patch several security vulnerabilities. The disconcerting news is that at least one of them is considered highly serious, according to the OpenSSL Project Team.
OpenSSL member Matt Caswell reported the existence of the vulnerability in a mailing list note.
“The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as “high” severity. ” states the advisory
According to the advisory, the updates will be included in the OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
The public advisory did not provide details of the vulnerabilities that will be fixed to avoid that hackers in the wild could exploit them.
In 2014, the security experts discovered numerous flaws in the OpenSSL library which is widely used as the implementation of the SSL and TLS protocols. The most popular is the Heartbleed flaw that was discovered in April 2014, which could be exploited by attackers to steal memory content from a vulnerable server, potentially exposing sensitive data like login credentials and cryptographic keys.
Another vulnerability recently discovered, FREAK, affects the software threatening the security of encrypted connections.
In response to the security issues emerged with the encryption libraries, major vendors are funding the Core Infrastructure Initiative, a multi-million dollar project housed at The Linux Foundation “to fund open source projects that are in the critical path for core computing functions“.
(Security Affairs – OpenSSL, security)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.