OpenSSL fixes High Severity data-stealing bug – patch now!

From nakedsecurity.sophos.com

OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates.

These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium support.

(Getting into a position where you no longer need to pay for support is probably better for you, even if you don’t care about the cost, because it means you’ll finally be weaning yourself off a version that OpenSSL itself tried to retire years ago.)

Read more…