Network Security, Patch/Configuration Management, Vulnerability Management

Open SSL to issue patch for security flaws

The OpenSSL project team announced on Tuesday an upcoming release of OpenSSL version 1.1.0c.

The update will be issued on Nov. 10  to address several security flaws. The severity of one flaw is rated "High," but does not affect OpenSSL versions prior to 1.1.0. 

This release follows a September upgrade that patched more than a dozen security vulnerabilities, including a denial-of-service bug (CVE-2016-6307), ranked low severity, as it could be exploited only if particular conditions are met. However, a Google engineer detected a critical use-after-free vulnerability in the patch that could lead to a crash and arbitrary code execution, so a second update was issued (OpenSSL 1.1.0b).

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.