Websites and companies that rely on OpenSSL should patch their systems as soon as possible.
Websites and companies that rely on OpenSSL should patch their systems as soon as possible.
The developer of Open SSL, a widely used open-source encryption library, released Tuesday a patch to fix two high severity security issues that could allow attackers to remotely execute new code or cause website crashes.
OpenSSL Project last week announced a security-fix update to fix an issue originally categorized as « critical. » After further analysis, the severity was downgraded to « high » today with the release of the patch.
According to OpenSSL, an issue of critical severity if « remote code execution is considered likely in common situations, » but the OpenSSL team said it no longer feels the rating applies to the issue.
« We are not aware of any working exploit that could lead to remote code execution, and we have no evidence of these issues being exploited as of the time of release of this post, » OpenSSL said in a blog post.
The vulnerabilities only affect OpenSSL versions 3.0—released Sept. 2021—and above. Users are encouraged to upgrade to version 3.0.7.
« We still consider these issues to be serious vulnerabilities and affected users are encouraged to upgrade as soon as possible, » OpenSSL said.
