Dejkala

OpenSSL warns of critical security vulnerability with upcoming patch- Dejkala

by hasibul
October 27, 2022

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down pretty much every secure communications and networking application and device out there. 

So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)’s VP of Security, this week tweeted, “OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC.”

How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. 

It’s likely to be abused to disclose server memory contents and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code remotely. In other words, pretty much everything you don’t want happening on your production systems.

Eep! 

The last time OpenSSL had a kick in its security teeth like this one was in 2016. That vulnerability could be used to crash and take over systems. Even years after it arrived, security company Check Point estimated it affected over 42% of organizations. 

This one could be worse. We can only hope it’s not as bad as that all-time champion of OpenSSL’s security holes, 2014’s HeartBleed.

So why announce the security hole before the patch is in? Cox explained, “That’s our policy … to provide folks with a date they know to be ready to parse an advisory and see if the issue affects them.” 

But couldn’t a hacker find it and exploit it as a zero-day? He doesn’t think so. “Given the number of changes in 3.0 and the lack of any other context information, such scouring is very highly unlikely.”

There is another little silver lining in this dark cloud. This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems. For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier and Ubuntu 20.04 won’t be smacked by it. RHEL 9.x and Ubuntu 22.04, however, are a different story. They do use OpenSSL 3.x.

If you’re a Linux user, you can check your own system by running the shell command: 

# openssl version

In my case, my laptop in front of me is running Debian Bullseye, which uses OpenSSL 1.1, so this machine is good.
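
To run the same check across more than one machine, the script below classifies `openssl version` output against the 3.0.0 through 3.0.6 range given above. It is an added example, not part of the original article; `classify_openssl` is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against the range the
# article gives as affected (OpenSSL 3.0.0 through 3.0.6).
# classify_openssl is a hypothetical helper name.
# Prints one of: affected | not-affected | unknown

classify_openssl() {
    line=$1
    # LibreSSL and BoringSSL use unrelated version numbers, so only
    # lines from the OpenSSL project itself are classified.
    case $line in
        "OpenSSL "*) ;;
        *) echo unknown; return 0 ;;
    esac

    # Field 2 is the version of the command-line tool, e.g. 3.0.2 or 1.1.1n.
    ver=$(printf '%s\n' "$line" | awk '{print $2}')

    # OpenSSL 3.x also prints "(Library: OpenSSL x.y.z ...)". Prefer it,
    # because the loaded library is the code that actually runs.
    lib=$(printf '%s\n' "$line" |
        sed -n 's/.*(Library: OpenSSL \([^ )]*\).*/\1/p')
    if [ -n "$lib" ]; then ver=$lib; fi

    case $ver in
        3.0.[0-6]) echo affected ;;
        # Pre-release or vendor-suffixed builds inside the range:
        # the version string alone cannot settle it.
        3.0.[0-6][!0-9]*) echo unknown ;;
        [0-9]*.[0-9]*.[0-9]*) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample lines, so the script also runs on a host without OpenSSL.
while IFS= read -r sample; do
    printf '%-13s %s\n' "$(classify_openssl "$sample")" "$sample"
done <<'EOF'
OpenSSL 1.1.1n  15 Mar 2022
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
LibreSSL 3.3.6
EOF

# Classify the local installation when the openssl binary is on PATH.
if command -v openssl >/dev/null 2>&1; then
    printf 'this host: %s\n' "$(classify_openssl "$(openssl version)")"
fi
```

The result covers only the `openssl` binary found on `PATH` and the library it loads; applications that bundle or statically link their own copy need to be checked separately. Distribution packages can also carry backported fixes without changing the upstream version number, so confirm an "affected" result against the vendor's advisory.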

But, if you’re using anything with OpenSSL 3.x in — anything — get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow. You’ll want to make your systems safe as soon as possible.
