Alarm! critical security flaw in OpenSSL

It all depends on OpenSSL. If you don't know, OpenSSL is the application that makes it possible to use the TLS security protocol (from Transport Layer Security) on Linux, Unix, Windows and many other operating systems.

bugs

It is also the app used to lock almost every secure communication and networking app and of course every device out there.

So when Mark Cox, a distinguished software engineer at Red Hat and the VP of Security at the Apache Software Foundation (ASF), tweeted this week: “OpenSSL update 3.0.7 will fix Critical CVE next Tuesday 1300-1700UTC ”, we should all be worried.

How critical is “Critical”?

According to OpenSSL, a critical severity issue affects common configurations and is also likely to be exploited by malicious users. It can be used to abuse and expose a server's memory contents and potentially expose user information. It could be remotely exploited to compromise the server's private keys or execute code remotely. In other words, pretty much anything you don't want to happen to your systems.

The story

The last time OpenSSL had a critical security flaw like this was in 2016. This vulnerability could be used to crash and take over systems. Years after its discovery, security firm Check Point estimated that it affected over 42% of organizations.

The current security gap could be worse.

We can only hope it won't be as bad as OpenSSL's all-time champion security flaw, the heartbleed of 2014.

the good news

But there is also something encouraging. The new security vulnerability only affects OpenSSL versions 3.0.0 through 3.0.6. So older operating systems and devices are likely to have no problems.

For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier versions and Ubuntu 20.04 will have no problem.

But RHEL 9.x and Ubuntu 22.04 use OpenSSL 3.x.

If you're using OpenSSL 3.x anywhere get ready to update on Tuesday. This is a dangerous security gap and exploits will soon follow.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















OpenSSL, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).