Dejkala
No Result
View All Result
  • Home
  • Tech
  • Banking & loan
  • Games
  • Car’s & Bike’s
  • Home
  • Tech
  • Banking & loan
  • Games
  • Car’s & Bike’s
No Result
View All Result
Dejkala
No Result
View All Result
Home Latest update

OpenSSL warns of critical security vulnerability with upcoming patch- Dejkala

by hasibul
October 27, 2022
in Latest update
0
OpenSSL warns of critical security vulnerability with upcoming patch- Dejkala
0
VIEWS
Share on FacebookShare on Twitter


Person holding their head in distress looking at a server rack

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down pretty much every secure communications and networking application and device out there. 

So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)’s VP of Security, this week tweeted, “OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC.”

How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. 

It’s likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely. In other words, pretty much everything you don’t want happening on your production systems.

Eep! 

Also: These cybersecurity vulnerabilities are most popular with hackers right now – have you patched them?

The last time OpenSSL had a kick in its security teeth like this one was in 2016. That vulnerability could be used to crash and take over systems. Even years after it arrived, security company Check Point estimated it affected over 42% of organizations. 

This one could be worse. We can only hope it’s not as bad as that all-time champion of OpenSSL’s security holes, 2014’s HeartBleed.

So why announce the security hole before the patch is in? Cox explained, “That’s our policy … to provide folks with a date they know to be ready to parse an advisory and see if the issue affects them.” 

But couldn’t a hacker find it and exploit it as a zero-day? He doesn’t think so. “Given the number of changes in 3.0 and the lack of any other context information, such scouring is very highly unlikely.”

Also: Linux devices are increasingly under attack from hackers, security researchers warn

There is another little silver lining in this dark cloud. This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems. For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier and Ubuntu 20.04 won’t be smacked by it. RHEL 9.x and Ubuntu 22.04, however, are a different story. They do use OpenSSL 3.x.

If you’re a Linux user, you can check your own system by running the shell command: 

# openssl version

In my case, my laptop in front of me is running Debian Bullseye, which uses OpenSSL 1.1, so this machine is good.

But, if you’re using anything with OpenSSL 3.x in — anything — get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow. You’ll want to make your systems safe as soon as possible.

Related stories:




Related

ShareTweetShare

Related Posts

WeMeta: the median price per square meter of land in Decentraland has dropped from ~$45 in 2022 to $5 in 2023, as the hype around the metaverse has receded (Meghan Bobrowsky/Wall Street Journal)- Dejkala
Latest update

WeMeta: the median price per square meter of land in Decentraland has dropped from ~$45 in 2022 to $5 in 2023, as the hype around the metaverse has receded (Meghan Bobrowsky/Wall Street Journal)- Dejkala

March 29, 2023
Lenovo gives up on its dream of Android gaming phones- Dejkala
Latest update

Lenovo gives up on its dream of Android gaming phones- Dejkala

March 29, 2023
NASA delays flight of Boeing’s Starliner again, this time for parachutes- Dejkala
Latest update

NASA delays flight of Boeing’s Starliner again, this time for parachutes- Dejkala

March 29, 2023
Buttons are back at Porsche as we see the 2024 Cayenne interior- Dejkala
Latest update

Buttons are back at Porsche as we see the 2024 Cayenne interior- Dejkala

March 29, 2023
Google launches an Ads Transparency Center, showing all the ads from verified advertisers on its platforms, in the formats, the regions, and the dates they ran (Ivan Mehta/TechCrunch)- Dejkala
Latest update

Google launches an Ads Transparency Center, showing all the ads from verified advertisers on its platforms, in the formats, the regions, and the dates they ran (Ivan Mehta/TechCrunch)- Dejkala

March 29, 2023
How NetEase and Activision's 14-year partnership fell apart, in part due to China's tech crackdown, as filings show the deal was worth ~$750M in annual revenue (New York Times)- Dejkala
Latest update

How NetEase and Activision's 14-year partnership fell apart, in part due to China's tech crackdown, as filings show the deal was worth ~$750M in annual revenue (New York Times)- Dejkala

March 29, 2023
Next Post
Apple reports record Q4 revenue up 8% YoY to $90.1B, net income up 1% YoY to $20.7B, and annual revenue up 8% YoY to $394.3B (Apple)- Dejkala

Apple reports record Q4 revenue up 8% YoY to $90.1B, net income up 1% YoY to $20.7B, and annual revenue up 8% YoY to $394.3B (Apple)- Dejkala

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Earn Money Online
  • Game news and review
  • Laptops
  • Latest update
  • Smartphone Reviews & News
  • TODAY Tech News
  • Upcoming Technology
  • Wordpress plugin
  • WordPress themes
  • World Wide Bike Reviews and News
  • World Wide Car News

Recommended

Asus’s new laptops let you view art in 3D above the screen, without VR/AR glasses- Dejkala

Asus’s new laptops let you view art in 3D above the screen, without VR/AR glasses- Dejkala

January 4, 2023
Amazon’s Ring video doorbells and cameras are up to 35 percent off right now- Dejkala

Amazon’s Ring video doorbells and cameras are up to 35 percent off right now- Dejkala

February 10, 2023
“The Game Awards” Awards: Picking the night’s best new game trailers- Dejkala

“The Game Awards” Awards: Picking the night’s best new game trailers- Dejkala

December 9, 2022
What’s the deal with Formula 1 and sustainable fuels?- Dejkala

What’s the deal with Formula 1 and sustainable fuels?- Dejkala

November 16, 2022
US-based MKS Instruments, a little-known but key chip equipment supplier, says a "ransomware event" on "production-related systems" will cause delays into March (Financial Times)- Dejkala

US-based MKS Instruments, a little-known but key chip equipment supplier, says a "ransomware event" on "production-related systems" will cause delays into March (Financial Times)- Dejkala

February 28, 2023
CWA union files another unfair labor charge against eBay-owned TCGplayer- Dejkala

CWA union files another unfair labor charge against eBay-owned TCGplayer- Dejkala

March 15, 2023
WeMeta: the median price per square meter of land in Decentraland has dropped from ~$45 in 2022 to $5 in 2023, as the hype around the metaverse has receded (Meghan Bobrowsky/Wall Street Journal)- Dejkala

WeMeta: the median price per square meter of land in Decentraland has dropped from ~$45 in 2022 to $5 in 2023, as the hype around the metaverse has receded (Meghan Bobrowsky/Wall Street Journal)- Dejkala

March 29, 2023
Lenovo gives up on its dream of Android gaming phones- Dejkala

Lenovo gives up on its dream of Android gaming phones- Dejkala

March 29, 2023
NASA delays flight of Boeing’s Starliner again, this time for parachutes- Dejkala

NASA delays flight of Boeing’s Starliner again, this time for parachutes- Dejkala

March 29, 2023

Categories

  • Earn Money Online
  • Game news and review
  • Laptops
  • Latest update
  • Smartphone Reviews & News
  • TODAY Tech News
  • Upcoming Technology
  • Wordpress plugin
  • WordPress themes
  • World Wide Bike Reviews and News
  • World Wide Car News

Pages

  • About Us
  • Banking & loan
  • Car’s & Bike’s
  • Contact Us
  • Games
  • Home
  • Home 2
  • Privacy Policy
  • Tech

© 2022 Dejkala

No Result
View All Result
  • Homepages
    • Home – Layout 1
    • Home – Layout 2

© 2022 Dejkala