OpenSSL says patch for high severity bug to come soon

OpenSSL announced Monday that it will release updates to patch a "high severity" vulnerability this Thursday. No further details were given other than that the releases, OpenSSL versions 1.0.1p and 1.0.2d, will fix a "single security defect" that does not impact versions 1.0.0 or 0.9.8, the announcement said.

Flaws allowing server DoS, "a significant leak of server memory," and remote code execution are all listed by OpenSSL as examples of high severity security issues. 

Tim Erlin, director of IT security and risk strategy at Tripwire, said via email correspondence that the pre-announcement will give software vendors and end-users time to prepare for the update. "A huge part of the heartburn with Heartbleed came from the scramble to identify where organizations were vulnerable and how to apply patches," he wrote.

Back in April 2014, the Heartbleed vulnerability was discovered in widely used versions of the OpenSSL library.
