Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet

Dr. Roy Schestowitz

2022-11-01 20:14:48 UTC
Modified: 2022-11-01 22:33:28 UTC

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0 Irresponsible Misinformation About OpenSSL Creative Commons Attribution-No Derivative Works 4.0

Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded "news" (noise) sites, Red Hat -- and to a lesser extent Fedora -- exaggerated the severity of bugs a week before their details' release (long and purposeless suspense); it's a case of a boy who cries "wolf!" to get "likes" in Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week's worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to be have been outright disinformation (or at best misinformation) about the severity and it's worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not "0-day" and there is no immediate rush to patch (in some cases there is no patch, either).

"We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already."The 8 URLs from the video are listed below in a logical order. To quote [4] below "Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?"

We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already. ⬆

Links from the video above

Recent Techrights' Posts

When Abusive Law Firms (Working for Microsofters Against Us) Assert That Someone Writing in Social Media About Himself is Confidential Information: There was no reason to throw "GDPR" into 2 SLAPPs; they know it, but the goal was to increase the cost of a Defence and lessen the incentive to challenge the SLAPPs
Gemini Links 15/06/2025: Rainy Season and OpenDocument Format (ODF): Links for the day
Links 15/06/2025: Military Games, Parade, and Actions: Links for the day
Links 15/06/2025: Windows TCO, Openwashing, and Wars: Links for the day
Gemini Links 15/06/2025: "AI Fatigue and Crappiness": Links for the day
Microsoft Attack Dogs Against Watchdogs and Guard Dogs in Software: Last year Microsofters hired attack dogs or "guns for hire"
Slop Cannot Replace Domain Expertise: All this "AI" hype (it's not even intelligence, it's all a misnomer, as many of us have insisted all along) will fizzle and be written off as a failed experiment
IBM's Fresh 'PIPs' (Action Before Layoffs): At times like these, even once-reputable employers resort to PIPs and other procedures/tricks for denial of workers' rights
Microsoft is a Problem Not Just for Denmark: Every country should consider what Denmark is doing, why Denmark is doing it, and then do the same
The Slopfarms' Self Detonation: If more sites like BetaNews go under, then maybe we can still salvage some of the Web
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 14, 2025: IRC logs for Saturday, June 14, 2025
Links 14/06/2025: FDA Changes Priorities, Cassette Data Storage From The 1970s: Links for the day
Gemini Links 14/06/2025: Steam Next Fest and Thoughts on Gemini: Links for the day
Site/Datacentre Maintenance Next Week: speed things up
Bulgaria: GNU/Linux Near 10%: The Bulgarian market seems to be changing
I Never Spoke to BetaNews. But BetaNews Wants to Ensure I Never Will, Either.: Sometimes just the reluctance to talk about it can say a great deal
Throwing Money at Lawyers Can't Stop Us (It Never Did): Even just trying to censor things can result in the opposite of the desired outcome
Online Search or Large Search Engines Aren't Working Anymore: business models that directly compete with interests of Web users
Holidays and Breaks: I've hardly taken any long breaks since I got married
Danish OpenDocument Freedom: "year of Linux"
Links 14/06/2025: Wars and L.A. Distortion Effect: Links for the day
BetaNews Has More or Less Died After Experiments With LLM Slop, Is Linuxsecurity Next?: It doesn't seem like BetaNews knows what it's doing, let alone what it talks about
Gemini Links 14/06/2025: Historic Ada Design and GeminiSpace.Club to Expire: Links for the day
Links 14/06/2025: India Plane Crash and Middle-Eastern War: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, June 13, 2025: IRC logs for Friday, June 13, 2025
Gemini Links 13/06/2025: (Not)virtues and Project Yeet Broadband: Links for the day
Links 13/06/2025: Journalists Targeted by Cracking, China-Japan and Israel-Iran Tensions Grow: Links for the day
Links 13/06/2025: US Reduces Nonessential Staff at Baghdad Embassy Ahead of Strikes in Iran, Invasion of California Debated: Links for the day
X11 is Free Software: Whether you agree (e.g. on politics) with the person/s forking it doesn't matter
The More Time Passes, the Better Our Advice on Social Control Media Seems: At the end of the day, any platform you do not control yourself is working for someone else
Twitter (X) is Dying, Now It's Just Like a Mafia-Type Operation of the Man Who Does Nazi Salutes in Public: a form of extortion
UK High Court Blasts Brett Wilson LLP for Misusing "GDPR" After Failed Efforts to Censor Critics Using 'Libel' Claims: No wonder this firm is rapidly shrinking
Recent Blunders in Microsoft GitHub (e.g. Slop-Generated Bug Reports or GPL Violations 'as a Service') Taking Their Toll?: Put bluntly, if you still use Microsoft GitHub, then you're slave to Microsoft
American Imperialism and Microsoft Plagiarism: Techrights will therefore do what Microsoft does not want it to do: it'll write even more about Microsoft
When They Have Nothing Left to Help Advance Abusive Litigation for Microsoft People... Other Than Throwing ~500 Pages of Someone Else's Work Into a PDF: Microsoft is having a very tough year
The Price of Exposing Corruption in Poland (and Elsewhere): It's easier to participate in corruption than to merely do the right thing and oppose it
Slopwatch and Yet More Holes in 'Secure Boot' (as Usual!), Promoted Inside Linux by the Man We Are Suing: Today's Slopwatch will be short
Gemini Links 13/06/2025: People You've Left Behind, Life Update and OS Changes: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, June 12, 2025: IRC logs for Thursday, June 12, 2025