High-Severity DoS Vulnerability Patched in OpenSSL

The flaw, tracked as CVE-2022-0778, was reported to the OpenSSL Project by Google vulnerability researcher Tavis Ormandy. The security hole affects OpenSSL versions 1.0.2, 1.1.1 and 3.0, and it has been fixed with the release of versions 1.0.2zd (for premium support customers), 1.1.1n and 3.0.2. Version 1.1.0 is also impacted, but it’s no longer supported Read more about High-Severity DoS Vulnerability Patched in OpenSSL[…]

Kubernetes container runtime CRI-O has make-me-root flaw

A vulnerability in the container runtime engine CRI-O can be exploited by a rogue user to gain root-level access on a host. In a Kubernetes environment powered by CRI-O, the security hole can be used by a miscreant to move through a cluster as an administrator, install malware, and cause other chaos. CrowdStrike’s threat research Read more about Kubernetes container runtime CRI-O has make-me-root flaw[…]