In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf will be released Thursday.
"These releases will be made available on 19th March," Caswell wrote. "They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity."
OpenSSL is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL.
Further details on the mystery security vulnerabilities (CVE-2015-0209, CVE-2015-0285, CVE-2015-0288) are unavailable at this time, although some industry experts have speculated that this high severity flaw could be another POODLE or Heartbleed bug, worst TLS/SSL flaws that are still believed to be affecting websites on Internet today. Read Full Article