11.01.22

Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn’t Critical, Isn’t Actively Exploited, and Even Red Hat’s Distro Isn’t Patching Yet

Posted in Deception, Free/Libre Software, FUD, GNU/Linux, IBM, Marketing, Microsoft, Red Hat, Rumour, Security, Servers, Standard at 3:14 pm by Dr. Roy Schestowitz

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0
Irresponsible Misinformation About OpenSSL
Creative Commons Attribution-No Derivative Works 4.0

Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded “news” (noise) sites, Red Hat — and to a lesser extent Fedora — exaggerated the severity of bugs a week before their details’ release (long and purposeless suspense); it’s a case of a boy who cries “wolf!” to get “likes” on Twitter and media coverage that relies on nothing but lousy (inaccurate) “tweets”, where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week’s worth of media misinformation like calling it “zero day” (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity, and it’s worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not “0-day” and there is no immediate rush to patch (in some cases there is no patch, either).

The 8 URLs from the video are listed below in a logical order. To quote [4] below: “Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?”

We perceive this to be a bit of a media blunder, taking informal “tweets” at face value and trying to compete over who produces the most scary headline/s for about a week already.

Links from the video above

  1. OpenSSL 3.0 Series Release Notes
  2. Vulnerabilities list
  3. OpenSSL Security Advisory [01 November 2022]
  4. CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
  5. Comments: OpenSSL Outlines Two High Severity Vulnerabilities
  6. OpenSSL 3.0.7 released
  7. OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
  8. OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow