{"id":376,"date":"2015-07-08T01:21:31","date_gmt":"2015-07-08T01:21:31","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=376"},"modified":"2024-12-23T07:52:25","modified_gmt":"2024-12-23T07:52:25","slug":"openssl-to-patch-critical-mystery-bug-on-thursday","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/openssl-to-patch-critical-mystery-bug-on-thursday-376\/","title":{"rendered":"OpenSSL to Patch Critical Mystery Bug on Thursday"},"content":{"rendered":"<p><a href=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-378 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap5.jpg\" alt=\"OpenSSL to Patch Critical Mystery Bug on Thursday\" width=\"784\" height=\"286\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap5.jpg 784w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap5-300x109.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap5-3x1.jpg 3w\" sizes=\"auto, (max-width: 784px) 100vw, 784px\" \/><\/a><\/p>\n<p>The OpenSSL project team has sent a rather cryptic alert that it will be patching a high severity bug this Thursday, July 9.<\/p>\n<p>The announcement is terse: \u201cThe OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as &#8220;high&#8221; severity.\u00a0 This defect does not affect the 1.0.0 or 0.9.8 releases.\u201d<\/p>\n<p>Unfortunately, the mystery bug is likely to be a big deal. OpenSSL is a security standard encrypting communications between users and the servers provided by a majority of online services. As such, it\u2019s a basic component of a wide swath of the web, affecting various applications and systems, and even embedded devices. That\u2019s one of the reasons why the Heartbleed flaw took months and months to patch even after an update was released.<\/p>\n<p>Heartbleed, a mistake written into OpenSSL, made it viable for hackers to extract data from massive databases containing user names, passwords, private data and so on.<\/p>\n<p>According to OpenSSL\u2019s security policy, \u201chigh-severity\u201d flaws are those that affect common configurations and are likely to be exploitable. These can range from server denial-of-service to significant leak of server memory to remote code execution.<\/p>\n<p>\u201cThis type of a pre-announcement is intended to give organizations a chance to prepare,\u201d Tim Erlin, director of IT security and risk strategy at Tripwire, said via email. \u201cA huge part of the heartburn with Heartbleed came from the scramble to identify where organizations were vulnerable and how to apply patches. In this case, a little organization can go a long way to a smoother patching cycle. Software vendors who use OpenSSL can be prepared to patch their code and ship new versions faster, and end-users can inventory where they have OpenSSL and set up appropriate testing environments ahead of time.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The OpenSSL project team has sent a rather cryptic alert that it will be patching a high severity bug this Thursday, July 9. The announcement is terse: \u201cThe OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/openssl-to-patch-critical-mystery-bug-on-thursday-376\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">OpenSSL to Patch Critical Mystery Bug on Thursday<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[141,140],"class_list":["post-376","post","type-post","status-publish","format-standard","hentry","category-news","tag-critical-mystery-bug","tag-openssl"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=376"}],"version-history":[{"count":2,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/376\/revisions"}],"predecessor-version":[{"id":380,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/376\/revisions\/380"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}