First published: 29th February 2016
The OpenSSL project team has announced that OpenSSL versions 1.0.2g, 1.0.1s will be released on 1st March 2016 between approximately 1300-1700 UTC (Tuesday 2100 and Wednesday 0100 Hong Kong time). They will fix several security defects, at least one of which is severity High.
Administrators can prepare for the release by checking which of their systems and services will need to be updated after the release. The OpenSSL library is widely used, some estimates suggest that 2/3rds of web servers rely on it for securing connections. The library is also used in many other packages, including the popular open-source virtual private network OpenVPN, and in commercial products, such as many devices produced by Cisco.