The OpenSSL project team announced on Tuesday an upcoming release of OpenSSL version 1.1.0c.
The update will be issued on Nov. 10 to address several security flaws. One flaw is rated "High" severity, but it does not affect OpenSSL versions prior to 1.1.0.
This release follows a September upgrade that patched more than a dozen security vulnerabilities, including a denial-of-service bug (CVE-2016-6307) that was ranked low severity because it could be exploited only if particular conditions are met. However, a Google engineer detected a critical use-after-free vulnerability in the patch that could lead to a crash and arbitrary code execution, so a second update was issued (OpenSSL 1.1.0b).