OpenSSL The to 9, on 2 2 may publish multiple bug fixes-vulnerability warning-the black bar safety net

ID MYHACK58:62201679452
Type myhack58
Reporter 佚名
Modified 2016-09-21T00:00:00


Vulnerability warning

The OpenSSL project group on Monday announced in Beijing 9 May 2 2, 1 6 When to release a new version of the update, the update contents include: repairing self-2 0 1 6 years of 5 months of security vulnerabilities, including a high-risk vulnerability.

OpenSSL 1.1.0 a, 1.0. 2i and 1. 0. 1u version will be in the UTC time on Thursday 9 October 2 2, 8 When(Beijing Time 9 on 2 2, 1 6)release. The OpenSSL project team revealed some information about the update part of the information, including a vulnerability rated as”high-risk”, one for“in-risk”, the rest are rated as“low risk”it.

According to the OpenSSL official security policy, compared to the “serious”vulnerability,“high-risk”vulnerabilities just not direct the remote-use possibility. (note understood, where the use of refers to the command execution or the private key is stolen or the like), the default configuration will yield impact.

In addition the OpenSSL project, the group once again to remind the user, 1.0. 1 revision of the patch support will be in the 1 2 month 3 1 day of the end, 8 on 2 5, will issue new 1. 1. 0 version of the branch.

To date, the OpenSSL project team in this year a total of released three security updates, cumulative fix 1 6 a security vulnerability.