
Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet

Video: Irresponsible Misinformation About OpenSSL (Creative Commons Attribution-No Derivative Works 4.0)



Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded "news" (noise) sites, Red Hat, and to a lesser extent Fedora, exaggerated the severity of bugs a week before their details were released (a long and purposeless suspense); it's a case of a boy who cries "wolf!" to get "likes" on Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding to the perceived danger and contributing to the scare, which resulted in a week's worth of media misinformation, such as calling it "zero day" (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity. It's worth noting that Red Hat is in no hurry to patch its most important products and that there are no actively-exploited aspects; in other words, it is not "0-day" and there is no immediate rush to patch (in some cases there is no patch, either).



The 8 URLs from the video are listed below in a logical order. To quote [4] below: "Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?"

We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already.

Links from the video above



  1. OpenSSL 3.0 Series Release Notes
  2. Vulnerabilities list
  3. OpenSSL Security Advisory [01 November 2022]
  4. CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
  5. Comments: OpenSSL Outlines Two High Severity Vulnerabilities
  6. OpenSSL 3.0.7 released
  7. OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
  8. OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow
