OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw

The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel’s Advanced Vector Extensions 512 (AVX512). OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).

Read full article on The Register

 


Date:

Categorie(s):