OpenSSL Release Patches Critical Vulnerability
upstart writes:
A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately. The OpenSSL Project will release version 3.0.7 on Tuesday, November 1st, 2022. This is a critical update that needs to be made immediately.
To unpack that for you a little bit, OpenSSL is a software library that is widely leveraged to enable secure network connections. And by widely leveraged, I mean almost completely ubiquitous; if you're using HTTPS, chances are you're using OpenSSL. Almost everyone is.
[...] "CRITICAL Severity. This affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to address these as soon as possible."
As is pretty standard in these security situations, specifics are not available as to what the exact threat is or where the weakness may lie because they're trying to avoid tipping off opportunistic bad actors that could exploit the vulnerability before it's patched.
[...] Unfortunately, just how much time or how involved this update will be isn't something the OpenSSL project has told us yet. Regardless, Tuesday is going to be an important day, as the longer you go before updating, the longer your network will potentially be vulnerable.