The OpenSSL developers are not yet revealing what exactly is broken. However, they classify the vulnerability as "high severity". That means:

OpenSSL Security Policy wrote:
high severity issues. This includes issues affecting common configurations which are also likely to be exploitable. Examples include a server DoS, a significant leak of server memory, and remote code execution. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to keep the time these issues are private to a minimum; our aim would be no longer than a month where this is something under our control, and significantly quicker if there is a significant risk or we are aware the issue is being exploited.

So go ahead and warm up your package managers, tinderboxes, powder towers etc. - this is a hole you will surely want off your system quickly...