
● 11.01.22


●● Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn’t Critical, Isn’t Actively Exploited, and Even Red Hat’s Distro Isn’t Patching Yet

Posted in Deception, Free/Libre Software, FUD, GNU/Linux, IBM, Marketing, Microsoft, Red Hat, Rumour, Security, Servers, Standard at 3:14 pm by Dr. Roy Schestowitz

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0

Irresponsible Misinformation About OpenSSL

Creative Commons Attribution-No Derivative Works 4.0


http://techrights.org/videos/openssl-drama.webm

Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded “news” (noise) sites, Red Hat — and to a lesser extent Fedora — exaggerated the severity of bugs a week before their details’ release (long and purposeless suspense); it’s a case of a boy who cries “wolf!” to get “likes” on Twitter and media coverage that relies on nothing but lousy (inaccurate) “tweets”, where fact-checking is impeded by NDAs/embargo.


A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding to the perceived danger and contributing to the scare, which resulted in a week’s worth of media misinformation, like calling it “zero day” (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity. It’s worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not “0-day” and there is no immediate rush to patch (in some cases there is no patch, either).



The 8 URLs from the video are listed below in a logical order. To quote [4] below: “Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?”

We perceive this to be a bit of a media blunder, taking informal “tweets” at face value and trying to compete over who produces the most scary headline/s for about a week already. █

●●●● Links from the video above

=> 1 OpenSSL 3.0 Series Release Notes

=> 2 Vulnerabilities list

=> 3 OpenSSL Security Advisory [01 November 2022]

=> 4 CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

=> 5 Comments: OpenSSL Outlines Two High Severity Vulnerabilities

=> 6 OpenSSL 3.0.7 released

=> 7 OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

=> 8 OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow


➮ Sharing is caring. Content is available under CC-BY-SA.
