
Urgent: OpenSSL Patches Introduce New Vulnerabilities

The OpenSSL releases that fixed last week's vulnerabilities introduced new bugs of their own. Upgrade to 1.1.0b or 1.0.2j now to avoid crashes and, in the worst case, remote code execution.



OpenSSL has issued an urgent update warning users of two new vulnerabilities in the releases it shipped last week. OpenSSL 1.1.0a and 1.0.2i, published on 22 September 2016 to fix the issues in that day's security advisory, themselves introduced two new bugs, CVE-2016-6309 and CVE-2016-7052. Depending on the branch, the new bugs can crash a patched machine or, in the worse case, let an attacker compromise it.

OpenSSL 1.1.0a is affected by CVE-2016-6309, a use-after-free introduced by the 1.1.0a fix for CVE-2016-6307: when a TLS message larger than about 16 KB is received, the buffer holding it is reallocated and moved, but a dangling pointer to the old location is still written through. The most likely result is a crash, but the bug could potentially lead to execution of attacker-supplied code, which is why the OpenSSL project rates it critical. Users of 1.1.0a are advised to upgrade to OpenSSL 1.1.0b immediately.

OpenSSL 1.0.2i is affected by CVE-2016-7052: a CRL sanity check that had been added to the 1.1.0 branch was omitted from 1.0.2i, so any attempt to use a CRL with 1.0.2i dereferences a NULL pointer and crashes. This is a denial of service only (rated moderate), but it means a 1.0.2i client or server configured to check revocation will fall over as soon as it processes a CRL. Users should upgrade to OpenSSL 1.0.2j as soon as possible.

OpenSSL 1.0.2k, released in January 2017, already contains the 1.0.2j fix and is not affected by CVE-2016-7052.

OpenSSL has published a security advisory covering both issues. Affected users should upgrade promptly; the fixed releases are 1.1.0b and 1.0.2j for the respective branches. Note that Linux distributions frequently backport fixes without changing the upstream version string, so for vendor packages check the package changelog rather than relying on the version number alone.
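As an added example (not code from the OpenSSL project or the article's author), the following POSIX shell script classifies an OpenSSL version string against the releases named above: it flags 1.1.0a (CVE-2016-6309) and 1.0.2i (CVE-2016-7052), flags anything older on those branches as still missing the 22 September fixes, and reports 1.1.0b / 1.0.2j or later as fixed. It assumes OpenSSL's letter-suffix ordering for these branches (1.0.2i < 1.0.2j, 1.1.0a < 1.1.0b) and the "OpenSSL 1.0.2j  26 Sep 2016" output format of `openssl version`; the `openssl_patch_status` and `check_local_openssl` function names are this example's own.

```shell
#!/bin/sh
# Added example, not OpenSSL project code. Classify an OpenSSL version string
# against the 22/26 September 2016 releases. Assumes OpenSSL's letter-suffix
# scheme for the 1.0.2 and 1.1.0 branches (1.0.2i < 1.0.2j, 1.1.0a < 1.1.0b).
# Return status: 0 = fixed, 1 = vulnerable, 2 = branch not covered here.
openssl_patch_status() {
    v="$1"
    # Split "1.0.2i" into the numeric base "1.0.2" and the patch letter "i".
    base=$(printf '%s\n' "$v" | sed -n 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[a-z]*.*/\1/p')
    letter=$(printf '%s\n' "$v" | sed -n 's/^[0-9]*\.[0-9]*\.[0-9]*\([a-z]*\).*/\1/p')
    case "$base" in
        1.1.0)
            case "$letter" in
                a)  echo "VULNERABLE $v: CVE-2016-6309 (use-after-free introduced in 1.1.0a); upgrade to 1.1.0b"; return 1 ;;
                "") echo "VULNERABLE $v: predates the 22 Sep 2016 fixes; upgrade to 1.1.0b"; return 1 ;;
                *)  echo "OK $v: 1.1.0b or later"; return 0 ;;
            esac ;;
        1.0.2)
            case "$letter" in
                i)        echo "VULNERABLE $v: CVE-2016-7052 (CRL NULL dereference in 1.0.2i); upgrade to 1.0.2j"; return 1 ;;
                ""|[a-h]) echo "VULNERABLE $v: predates the 22 Sep 2016 fixes; upgrade to 1.0.2j"; return 1 ;;
                *)        echo "OK $v: 1.0.2j or later"; return 0 ;;
            esac ;;
        *)
            echo "UNKNOWN $v: branch not covered by this check; consult the OpenSSL advisories"; return 2 ;;
    esac
}

# Check the openssl binary on PATH. "openssl version" prints e.g.
# "OpenSSL 1.0.2j  26 Sep 2016"; the second field is the version string.
check_local_openssl() {
    command -v openssl >/dev/null 2>&1 || { echo "UNKNOWN: openssl not found on PATH"; return 2; }
    openssl_patch_status "$(openssl version | awk '{print $2}')"
}

# Run as a script: classify the versions given as arguments, or the local
# binary when none are given. Results are printed; the status is informational.
if [ "$#" -gt 0 ]; then
    for arg in "$@"; do openssl_patch_status "$arg" || :; done
else
    check_local_openssl || :
fi
```

The version string is only a first check. Distribution packages often carry backported fixes under an older upstream version, and applications that bundle their own OpenSSL (statically linked binaries, language runtimes shipped with their own copy) are not covered by the system binary on PATH, so each such copy has to be checked against its own changelog.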
