Sign In

Communications of the ACM

ACM News

OpenSSL to Patch First Critical Vulnerability Since 2016

View as: Print Mobile App Share:

The OpenSSL Project started assigning severity ratings to vulnerabilities in 2014, when the notorious Heartbleed vulnerability came to light.

Credit: SecurityWeek

The OpenSSL Project has informed users that an upcoming update will patch a critical vulnerability in the open source cryptography and secure communication toolkit.

OpenSSL version 3.0.7 is scheduled for Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but it has been described as a 'security-fix release' that will include a patch for a vulnerability rated 'critical'.

The issue does not appear to impact OpenSSL versions prior to 3.0.

This is the first critical vulnerability patched in OpenSSL since September 2016, and only the second flaw to be officially assigned a 'critical' severity rating.

From SecurityWeek
View Full Article



No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account