The OpenSSL team announced that the OpenSSL releases 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, which will be published on the 19th of March, will contain security fixes. The announcement states that the highest severity being fixed is “high”.
The highest severity defect fixed by these releases is classified as “high” severity. – OpenSSL Project Team
The OpenSSL security policy specifies that defects classified as high severity affect common configurations and are likely to be exploited. Such a defect could be a DoS attack, the reading of sensitive information, or remote code execution. I guess all sysadmins should prepare for a day or night of fixing servers and services that use OpenSSL.
We’ll update this blog post as soon as more information comes up. Got any? Write a comment below!
Update 1: The patch will be released March 19, between 11:00 and 15:00 GMT. Although a possible issue has been found in one of the OpenSSL patches, it seems they are still releasing on time.