Enable breadcrumbs token at /includes/pageheader.html.twig

It Is No Trick: Updating Software

Do not delay in refreshing outdated software; dangerous vulnerabilities could abound.

Credit: Shutterstock/rangizzz

The Cybersecurity and Infrastructure Security Agency’s (CISA’s) call to always promptly update your software was even more relevant this past week, with the announcement of Open Source Secure Socket Layer’s (OpenSSL’s) latest expected software release.

The software is a widely used cryptography function across Linux, Windows, Mac and other operating systems for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

The crucial fix is for OpenSSL software versions 3 and above.

“Hello, The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7. This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC. OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL. Yours, The OpenSSL Project Team.”

Morevoer, OpenSSL classified the release and need for updates as “critical,” the highest level of severity category it uses.

“Critical severity …. affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations,” the organization stated.

To all affected, which could be a great number, heed CISA’s advice and, “Don't delay—If you see a software update notification, act promptly.”