The OpenSSL Project is getting ready to fix vulnerabilities affecting the crypto library.
OpenSSL versions 1.0.2h and 1.0.1t will release Tuesday to patch flaws, including ones rated “high severity.”
Issues that have a high severity rating affect less common configurations or are less likely to be exploitable. The OpenSSL Project tries to address and fix these holes within a month.
OpenSSL versions 1.0.0 and 0.9.8 are no longer supported and they will not receive any security updates. Support for version 1.0.1 will end December 31.
This will be the third time this year there were OpenSSL updates released. In late January, the OpenSSL Project fixed a high severity flaw that allows attackers to obtain information that can end up used to decrypt secure traffic, and a low severity SSLv2 cipher issue.
Updates released in March addressed low, medium and high severity vulnerabilities, including “DROWN,” a serious flaw that can end up exploited to crack encrypted communications.