Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Severe Bug' To Be Patched In OpenSSL

Posted by timothy on from the best-kind dept.

An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

2 of 69 comments (clear)

  1. Security! by ArcadeMan · · Score: 5, Funny

    Always keep your software up-to-date for security reasons!

    OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. [...] The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

    Unless of course the up-to-date versions are less secure than the old versions...

    --
    Get free satoshi (Bitcoin) and Dogecoins
  2. Re:boring boring boring booooooooooring by Anonymous Coward · · Score: 5, Funny

    It gives some extra time to make up a catchy name for the vulnerability and print some t-shirts.