'Severe Bug' To Be Patched In OpenSSL

Posted by timothy on Tuesday July 7, 2015 @05:25AM from the best-kind dept.

An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

3 of 69 comments (clear)

Min score:

Reason:

Sort:

thanks Hacked Team! by SethJohnson · 2015-07-07 05:40 · Score: 4, Funny

Your audit of OpenSSL has already contributed back to the Open Source community, whether voluntary or not.

--
$5 / month hosted VPS on linux = awesome!
Security! by ArcadeMan · 2015-07-07 05:42 · Score: 5, Funny

Always keep your software up-to-date for security reasons!

OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. [...] The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

Unless of course the up-to-date versions are less secure than the old versions...

--
Get free satoshi (Bitcoin) and Dogecoins
Re:boring boring boring booooooooooring by Anonymous Coward · 2015-07-07 05:54 · Score: 5, Funny

It gives some extra time to make up a catchy name for the vulnerability and print some t-shirts.