OpenSSL bug to be revealed this Thursday
A new version of the open-source crypto library will be released this week for anyone with systems running OpenSSL code, with one new update said to fix a mystery high-severity bug. OpenSSL provides encrypted HTTPS connections for a myriad of websites and other secure services.
The new versions, 1.0.2d and 1.0.1p of the software, will fix a "single security defect classified as 'high' severity", but which does not affect the 1.0.0 or 0.9.8 releases.
It is not yet known what the vulnerability is as that would spill the beans to attackers hoping to manipulate prior to the patch being released to the public.
The bug could be anything from a denial-of-service to a Heartbleed-style memory leak to a remote-code execution hole.