OpenSSL to Patch High Severity Holes

Friday, February 26, 2016 @ 03:02 PM gHale

The OpenSSL Project will release new versions that fix high severity vulnerabilities.

“The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2g, 1.0.1s. These releases will be made available on 1st March 2016 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity “high,” officials said on a blog post.

OpenSSL Bugs Patched
OpenSSL Patches Vulnerabilities
OpenSSL Patches Forgery Flaw
Vulnerabilities in Web Security Certificates

OpenSSL said high severity flaws include “issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to keep the time these issues are private to a minimum; our aim would be no longer than a month where this is something under our control.”

The OpenSSL Project also said support for version 1.0.1 will end December 31 this year. Support for the 1.0.0 and 0.9.8 releases ended on December 31 last year.

Click here for more information on the high severity advisory.