OpenSSL mystery patches due for release Thursday
New versions of OpenSSL will be released on Thursday to patch several security vulnerabilities, one of which is considered highly serious, according to the OpenSSL Project Team.
An advisory published on Monday did not give further details of the vulnerabilities, presumably so as to not tip off hackers and perhaps to give some organizations time to patch in the meantime.
The updates will be included in OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, the advisory said.
A number of serious problems have been found over the last year in OpenSSL, which is widely used open-source software that encrypts communications using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol, a cornerstone of Web security.