Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Severe Bug' To Be Patched In OpenSSL

Posted by timothy on from the best-kind dept.

An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

1 of 69 comments (clear)

  1. Re:No more! by Anonymous Coward · · Score: 4, Informative

    GPLv2 (not LGPL) will be a big showstopper for some projects.