Friday, July 11, 2025
  • Login
Euro Times
No Result
View All Result
  • Home
  • Finance
  • Business
  • World
  • Politics
  • Markets
  • Stock Market
  • Cryptocurrency
  • Investing
  • Health
  • Technology
  • Home
  • Finance
  • Business
  • World
  • Politics
  • Markets
  • Stock Market
  • Cryptocurrency
  • Investing
  • Health
  • Technology
Euro Times
No Result
View All Result

OpenSSL is patching just its second critical security flaw ever

by Euro Times
October 28, 2022
in Technology
Reading Time: 2 mins read
A A
0
Home Technology
Share on FacebookShare on Twitter

OpenSSL is preparing to patch (opens in new tab) its first critical flaw in eight years. The OpenSSL Project have announced a new software update that should fix several vulnerabilities in the open-source toolkit, including one flaw defined as critical. 

“The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7. This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.” reads the announcement (opens in new tab). “OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL.”

“Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations,” the developers said.

Patch coming next month

The flaw impacts versions 3.0 and newer, and is the second critical vulnerability to ever be addressed by the OpenSSL Project, with Heartbleed (CVE-2014-0160) being the first one in 2014. 

The release date for the 3.0.7 version is now set for November 1. The developers describe it as a “security-fix release”. In parallel, there will be a bug-fix release, 1.1.1s, published on the same day. 

CTO of Sonatype, Brian Fox, doesn’t seem all too happy about the way OpenSSL Project addressed the issue, saying it put developers in a dangerous position: 

“All we know so far is that the issue is considered critical by the team, only the second critical vulnerability in OpenSSL since they started tracking after the Heartbleed bug and fallout in 2014. We know that this only seems to affect versions 3.0 and above, but not how broadly applicable or how easily exploitable this issue will be, and that it will be fully disclosed on November 1st.”

He then proceeds to ask three hypothetical questions: If a company learns about a new vulnerability, in the way OpenSSL Project just announced one, how long would it take for an IT pro to learn if his company is using any version of this component, anywhere in its portfolio, in which applications it’s using the affected versions, and how long before the company can remediate the problem – hinting that a potential disaster is on the horizon.

“If you aren’t able to immediately answer the three questions I posed above, you have six days to prepare,” he warns. “The clock is ticking.”

OpenSSL core team member, Mark J. Cox, on the other hand, argues that with details about the vulnerability being so scarce, the chances of crooks abusing it before it’s patched are slim. Giving IT teams a heads up as the patch arrives far outweighs the potential risks of crooks abusing the flaw, he suggests:

“Given the number of changes in 3.0 and the lack of any other context information, [threat actors going through the commit history between versions 3.0 and the current one to find anything] is very highly unlikely,” he tweeted. 

Via: Security Affairs (opens in new tab)



Source link

Tags: CriticalflawOpenSSLpatchingsecurity
Previous Post

Economic Advice From A Caterpillar, McDonald’s Golden Earnings

Next Post

Twitter Introduces Tweet Tiles for NFTs

Related Posts

Google’s Veo 3 in Gemini Upgraded With Image to Video Generation Capability

Google’s Veo 3 in Gemini Upgraded With Image to Video Generation Capability

by Akash Dutta
July 11, 2025
0

Google is now bettering the performance of its Veo 3 video era mannequin with the inclusion of image-to-video era. On...

Today’s NYT Connections: Sports Edition Hints, Answers for July 11 #291

Today’s NYT Connections: Sports Edition Hints, Answers for July 11 #291

by Gael Cooper
July 11, 2025
0

On the lookout for the most up-to-date common Connections solutions? Click on right here for as we speak's Connections hints, in...

Crucial’s super-fast X9 portable SSD is excellent—and now it’s  off

Crucial’s super-fast X9 portable SSD is excellent—and now it’s $60 off

by Michael Crider
July 10, 2025
0

Cloud storage is nice and tremendous useful, however generally you simply gotta transfer loads of recordsdata round, bodily, actually quick....

Sony Xperia 1 VII units in more regions are dying, but there’s a temporary solution

Sony Xperia 1 VII units in more regions are dying, but there’s a temporary solution

by Tushar Mehta
July 10, 2025
0

Credit score: Sony Sony has acknowledged that the random reboot and shutdown points with its flagship Xperia 1 VII smartphone...

Musk makes grand promises during Grok 4 live demo, ignores Nazi scandal

Musk makes grand promises during Grok 4 live demo, ignores Nazi scandal

by Hayden Field
July 10, 2025
0

Elon Musk’s dwell demo of Grok 4, the newest big-ticket mannequin from his AI startup, started with high-intensity music, claims...

The best Prime Day gaming deals from laptops and peripherals to the latest video games

The best Prime Day gaming deals from laptops and peripherals to the latest video games

by Sam Rutherford,Kris Holt
July 10, 2025
0

There may be nothing extra elegant than having a wonderfully kitted out gaming station. That stated, staying up to the...

Next Post
Twitter Introduces Tweet Tiles for NFTs

Twitter Introduces Tweet Tiles for NFTs

S&P 500, Nasdaq slide, but Dow ends higher on mixed earnings picture By Reuters

S&P 500, Nasdaq slide, but Dow ends higher on mixed earnings picture By Reuters

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Why ACA health insurance premiums may see ‘sharp’ increase in 2026

Why ACA health insurance premiums may see ‘sharp’ increase in 2026

July 11, 2025
PEP, Supportive Care, and More

PEP, Supportive Care, and More

July 11, 2025
Research Predicts 0,000 Bitcoin By EOY, If Treasury Firms Hold

Research Predicts $160,000 Bitcoin By EOY, If Treasury Firms Hold

July 11, 2025
Russia develops Mi-80 to replace iconic Hip helicopter

Russia develops Mi-80 to replace iconic Hip helicopter

July 11, 2025
Elon Musk’s SpaceX set to launch Israel’s Dror satellite

Elon Musk’s SpaceX set to launch Israel’s Dror satellite

July 11, 2025
Corn Sticking Close to Unchanged at Midday

Corn Sticking Close to Unchanged at Midday

July 11, 2025
Euro Times

Get the latest news and follow the coverage of Business & Financial News, Stock Market Updates, Analysis, and more from the trusted sources.

CATEGORIES

  • Business
  • Cryptocurrency
  • Finance
  • Health
  • Investing
  • Markets
  • Politics
  • Stock Market
  • Technology
  • Uncategorized
  • World

LATEST UPDATES

Why ACA health insurance premiums may see ‘sharp’ increase in 2026

PEP, Supportive Care, and More

  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2022 - Euro Times.
Euro Times is not responsible for the content of external sites.

No Result
View All Result
  • Home
  • Finance
  • Business
  • World
  • Politics
  • Markets
  • Stock Market
  • Cryptocurrency
  • Investing
  • Health
  • Technology

Copyright © 2022 - Euro Times.
Euro Times is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In