Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet

Dr. Roy Schestowitz

2022-11-01 20:14:48 UTC
Modified: 2022-11-01 22:33:28 UTC

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0 Irresponsible Misinformation About OpenSSL Creative Commons Attribution-No Derivative Works 4.0

Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded "news" (noise) sites, Red Hat -- and to a lesser extent Fedora -- exaggerated the severity of bugs a week before their details' release (long and purposeless suspense); it's a case of a boy who cries "wolf!" to get "likes" in Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week's worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to be have been outright disinformation (or at best misinformation) about the severity and it's worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not "0-day" and there is no immediate rush to patch (in some cases there is no patch, either).

"We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already."The 8 URLs from the video are listed below in a logical order. To quote [4] below "Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?"

We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already. ⬆

Links from the video above

Recent Techrights' Posts

Topics We Lacked Time to Cover: Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration: At the moment the casualties of EPO corruption include the EPO's own staff
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses: Links for the day
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups: Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It): Patents can last two decades and grow with (or catch up with) the kids
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions: Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago): Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024: IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up: Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users: Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading: Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month: Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term): It only serves to distract from real articles
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024: IRC logs for Wednesday, November 20, 2024
Gemini Links 20/11/2024: Game Recommendations, Schizo Language: Links for the day
Growing Older and Signs of the Site's Maturity: The EPO material remains our top priority
Did Microsoft 'Buy' Red Hat Without Paying for It? Does It Tell Canonical What to Do Now?: This is what Linus Torvalds once dubbed a "dick-sucking" competition or contest (alluding to Red Hat's promotion of UEFI 'secure boot')
Links 20/11/2024: Politics, Toolkits, and Gemini Journals: Links for the day
Links 20/11/2024: 'The Open Source Definition' and Further Escalations in Ukraine/Russia Battles: Links for the day
[Meme] Many Old Gemini Capsules Go Offline, But So Do Entire Web Sites: Problems cannot be addressed and resolved if merely talking about these problems isn't allowed
Links 20/11/2024: Standing Desks, Broken Cables, and Journalists Attacked Some More: Links for the day
Links 20/11/2024: Debt Issues and Fentanylware (TikTok) Ban: Links for the day
Jérémy Bobbio (Lunar), Magna Carta and Debian Freedoms: RIP: Reprinted with permission from Daniel Pocock
Jérémy Bobbio (Lunar) & Debian: from Frans Pop to Euthanasia: Reprinted with permission from Daniel Pocock
This Article About "AI-Powered" is Itself LLM-Generated Junk: Trying to meet quotas by making fake 'articles' that are - in effect - based on plagiarism?
Recognizing invalid legal judgments: rogue Debianists sought to deceive one of Europe's most neglected regions, Midlands-North-West: Reprinted with permission from Daniel Pocock
Google-funded group distributed invalid Swiss judgment to deceive Midlands-North-West: Reprinted with permission from Daniel Pocock
Gemini Links 20/11/2024: BeagleBone Black and Suicide Rates in Switzerland: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 19, 2024: IRC logs for Tuesday, November 19, 2024