OpenSSL to patch mystery "high severity" flaw

News by Doug Drinkwater

The OpenSSL project team has announced the forthcoming release of versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf which will be made available on Thursday 19 March.

In an advisory note published last night, the project says that these will fix several security defects, including one classified as “high” severity. More details on this mystery vulnerability are unavailable at this time, although some industry experts have speculated that this could be another Poodle or Heartbleed vulnerability, TLS/SSL flaws that are still said to be affecting IT security teams today.

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptography library. The group fixed eight security issues in January, including problems with certificates and denial of service (DoS).

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews