OpenSSL Issuing Fixes for High Severity Flaws on Thursday

OpenSSL will issue an emergency patch on Thursday following discovery of a critical security flaw.
OpenSSL will issue an emergency patch on Thursday following discovery of a critical security flaw.

In-brief: The OpenSSL Project is publishing software updates to address a range of security flaws, at least one of them rated “critical.” The update comes amid a comprehensive audit of the OpenSSL code. 

The OpenSSL Project said on Monday that it is readying an emergency patch to fix a number of security flaws, one of them a “high” severity vulnerability.

The Project said it would release OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf on Thursday, March 19th. The update comes after the message reads.

[Read more Security Ledger coverage of the Heartbleed vulnerability.]

The news follows the revelation, last year, of “Heartbleed,” a critical vulnerability in OpenSSL that affected a staggering number of devices, from web application servers to CCTV cameras to HVAC systems.

In the wake of that vulnerability, The Linux Foundation launched a Core Infrastructure Initiative to steer funds to projects like OpenSSL that are “critical path for core computing functions.”

Last week, the Foundation announced that it would fund an audit of OpenSSL. It is unclear whether the vulnerabilities patched this week are a product of that audit, the full results of which are expected later this year.

Read more via OpenSSL to Fix “High” Severity Security Flaw on Thursday.

Spread the word!