
Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0 | Irresponsible Misinformation About OpenSSL | Creative Commons Attribution-No Derivative Works 4.0



Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded "news" (noise) sites, Red Hat -- and to a lesser extent Fedora -- exaggerated the severity of bugs a week before their details' release (long and purposeless suspense); it's a case of a boy who cries "wolf!" to get "likes" on Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo.

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week's worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity. It's worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not "0-day" and there is no immediate rush to patch (in some cases there is no patch, either).



The 8 URLs from the video are listed below in a logical order. To quote [4] below: "Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?"

We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already.

Links from the video above



  1. OpenSSL 3.0 Series Release Notes
  2. Vulnerabilities list
  3. OpenSSL Security Advisory [01 November 2022]
  4. CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
  5. Comments: OpenSSL Outlines Two High Severity Vulnerabilities
  6. OpenSSL 3.0.7 released
  7. OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
  8. OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow
