You’ve probably seen story after story in the media in the past week about a critical bug in OpenSSL, though at the time of writing this article[2022-11-01T11:30:00Z], no one coivering OpenSSL actually knows what to tell you about the bug, because the news is about an update that is scheduled to come out later today, but not yet disclosed. We’ll be covering that bug once we actually know what it is, so we can explain it rather than simply say, “Patch at once.” (If you aren’t interested in the details of that flaw, you can indeed simply patch any vulnerable versions of OpenSSL in your own ecosystem.) But there’s another, unrelated, cryptographic library bug that was fixed recently that hasn’t had a lot of publicity, and although we’re guessing that it’s much less dangerous than the soon-to-be-revealed OpenSSL bug, it’s nevertheless worth knowing about.

Read full article on Naked Security