Bonum Certa Men Certa

Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0 Irresponsible Misinformation About OpenSSL Creative Commons Attribution-No Derivative Works 4.0



Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded "news" (noise) sites, Red Hat -- and to a lesser extent Fedora -- exaggerated the severity of bugs a week before their details' release (long and purposeless suspense); it's a case of a boy who cries "wolf!" to get "likes" in Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week's worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to be have been outright disinformation (or at best misinformation) about the severity and it's worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not "0-day" and there is no immediate rush to patch (in some cases there is no patch, either).



"We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already."The 8 URLs from the video are listed below in a logical order. To quote [4] below "Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?"

We perceive this to be a bit of a media blunder, taking informal "tweets" at face value and trying to compete over who produces the most scary headline/s for about a week already.

Links from the video above



  1. OpenSSL 3.0 Series Release Notes
  2. Vulnerabilities list
  3. OpenSSL Security Advisory [01 November 2022]
  4. CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
  5. Comments: OpenSSL Outlines Two High Severity Vulnerabilities
  6. OpenSSL 3.0.7 released
  7. OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
  8. OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow

Recent Techrights' Posts

We Seem to Have Abandoned Science and Replaced Sound Policy With Private Patent Shareholders and College Dropouts Like Bill Epsteingate
Because of what they did there are now many people out there who reject all vaccines
Many IBM Layoffs, Centred Around Expert Labs US in Atlanta (Offer of "Relocation" Where No Such Option Exists)
So Techrights was assessing comments/gossip online and it was right about the Thursday cull
Richard Stallman's Next Public Talk is in Milan, Italy Next Week
Happy hacking
Why We'll Continue Covering EPO Abuses (Other Patent Offices as Well, as the Need Arises) for Many Years to Come
We're basically becoming Russia
These Feet Are Made for Walking
Humans are apparently so very clever that they decided to form a "progressive" consensus: feet no more
 
The Microsofter Who Kept Sending Threatening Post and E-mail to My Wife Has Been Joking He'd Work on Code for "Sexual Favours"
For one thing, for software professionals (like for landlords), this is outright illegal and you'd get arrested for it, and moreover it's no joking matter because there are many real victims of such sexual exploitation
Links 23/05/2025: Violent Attacks on the Press, VMware Price Hikes, Vista 11 Considered Unsuitable for Any Confidentiality
Links for the day
Gemini Links 23/05/2025: Balkan Tourism, UK Polls, Reticulum and Meshtastic
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 22, 2025
IRC logs for Thursday, May 22, 2025
Back to Basics, Folks, "AI" (Plagiarism) is Symptom of a Dying Industry Looking for Whatever Prey It Can Devour
lousy/sloppy imitations
Liam Proven's Thoughts on "AI" Being a Scam No Different From Religions, Alternative Medicine, and More
"Is there anywhere outside of retrocomputing that doesn't have AI in it?"
Slopwatch: Slopfarms That 'Hallucinate' (Yield Falsehoods) Cited as Credible Sources and Microsoft Media Gaslighting Everybody
Part of the problem is, Google News
More Media Coverage and Photos From Richard Stallman's Presentation in Liberec (Czech Republic)
Here are some photos
The Microsofter Who Kept Sending Threatening Post and E-mail to My Wife Has Been Spooking Women for at Least Two Decades
censorship was the ultimate goal
Links 22/05/2025: Openwashing, Dumping Microsoft's Entrapment (Microsoft GitHub), and New Climate Disasters
Links for the day
Gemini Links 22/05/2025: Crimson Pro Font and CGI in Bash
Links for the day
IBM Goes to India, Fires People in the United States (Under the Guise of "Relocation" or Similar), Accusation of Bribery in the Company
LLM slop sites (some are pure slopfarms) from India say the IBM layoffs result in hiring "AI" (the "I" stands for India)
Links 22/05/2025: TikTok Laying Off Again, Microsoft-Backed Builder.ai Set for Bankruptcy, Scam Altman Uses 'Funny Money' to 'Buy' (Hire) Company
Links for the day
The Evolution of Microsoft's War on GNU/Linux
13 sins
OFTC Has Just Culled About a Third of Its Online Users
It's not the first time they purge or force offline many people/bots
My New Desk Arrangement (and More Breaks From the Keyboard)
all in all yesterday I devoted 4-5 hours to redoing and shuffling stuff
Central Staff Committee of the EPO Opposes Abuses Against EPO Staff, Challenging SuccessFactors Stunts
Europe became institutionally colonised
Gemini Links 22/05/2025: "Conspirituality" and Visiting One's Old University
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 21, 2025
IRC logs for Wednesday, May 21, 2025
Bigots and Lunatics Who Attack Microsoft Critics, Projecting Their Own Bigotry by Accusing Others of Imaginary Things (Which They're Innocent Of)
"In psychology, projection refers to assigning your negative traits or unwanted emotions to others without being aware you’re doing it."
"The Appeals Committee [at the EPO] Unanimously Stated a Formal Flaw in the Consultation of the General Consultative Committee (GCC) on the Reform"
It's a truly horrifying situation
Microsoft Killed the Term "Open Source" (by Bribing/Taking Over OSI, 'Linux' Foundation Etc.) and Now It Needs to Kill the Brand Linux (Because Windows Just Won't Run!)
Why else would Microsoft falsely describe Windows as "Linux" and "Open Source"?
Slopwatch: Liars for Microsoft, Plagiarism, and IBM Red Hat Markets Slop as "AI"
Today was a bad day news-wise
Links 21/05/2025: Climate Problems and Ceasefires No Longer Foreseen
Links for the day
Gemini Links 21/05/2025: "Shrimps of Doom" and "ASCII-graphs"
Links for the day
Links 21/05/2025: GitHub Becoming Slop, MElon as a Drug Addict Considered National Security Risk
Links for the day
Slopwatch: Slopfarms 'Think' Redis is "Linux" (RedisRaider)
Today we'll keep it short and to the point again
IBM Has Allegedly Just Sacked Mr. McKinsey (McK), Clay Cowan, Its Fourth CMO in a Few Years
To insiders he represented the company that's killing IBM or advising IBM on how to self-destruct
Gemini Links 21/05/2025: Trips, 4D Golf, and Writing Software
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 20, 2025
IRC logs for Tuesday, May 20, 2025