OpenSSL patch to fix ‘critical’ vulnerability
Mark Cox, the VP of Security at the Apache Software Foundation, said in a tweet that an upgrade to OpenSSL 3.0.7 will address a critical vulnerability, ZDNet reports.
An issue of critical severity, according to OpenSSL, affects common configurations and is probably exploitable. It could be readily exploited remotely to compromise server private keys or run code remotely. It is likely to be misused to divulge server memory contents and perhaps reveal user information.
According to Cox, a Red Hat Distinguished Software Engineer, they disclosed the security flaw prior to the release of the patch because their policy is to let people know when they should be prepared to analyze an advisory and determine whether it applies to them.
The vulnerability reportedly only affects OpenSSL versions 3.0.0 through 3.0.6, meaning the problems will likely not emerge in older operating systems and devices, such as Red Hat Enterprise Linux 8.x and Ubuntu 20.04.