A new version of Open SSL is set to be released imminently, patching a single ‘high severity’ vulnerability.
In a mailing list announcement the developer Mark J Cox of the Open SSL team said the update to OpenSSL versions 1.0.2d and 1.0.1p. would be pushed out on Thursday July 9.
The announcement continued: “They will fix a single security defect classified as "high" severity. This defect does not affect the 1.0.0 or 0.9.8 releases.”
OpenSSL is open-source software commonly used to encrypt internet communications using SSL/TLS - it’s estimated that as of 2014 two thirds of all webservers use it.
Infamously OpenSSL was discovered to have a critical vulnerability known as ‘Heartbleed’ in 2014, which was swiftly patched.
Security expert Graham Cluely commented on the upcoming patch: “Fingers crossed, this new vulnerability in OpenSSL won't be anything like as serious as Heartbleed - but the grading of it as "high severity" means that it could open the door to various threats: ranging from fairly tame denial-of-service attacks to rather unpleasant remote code execution.”
As Cluely went on to point out however, the patch will need IT admins to actually install it promptly to mitigate the risk, as hackers will be able to exploit unpatched servers very soon after the release.
“So, listen up system administrators and developers. When the update fixing the OpenSSL vulnerability does arrive sometime on Thursday, be sure to patch as soon as possible. You owe it to your own security, but also in order to properly protect the security of your partners and customers,” he wrote.
