Security News > 2022 > October > Critical Vulnerability in Open SSL
2022-10-28 13:12
There are no details yet, but it's really important that you patch Open SSL 3.x when the new version comes out on Tuesday.
How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.
It's likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely.
In other words, pretty much everything you don't want happening on your production systems.
News URL
https://www.schneier.com/blog/archives/2022/10/critical-vulnerability-in-open-ssl.html
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- FortiManager critical vulnerability under active attack (source)