New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Open SSL Patches Nine Vulnerabilities
Original release date: August 07, 2014
OpenSSL has released updates patching nine vulnerabilities, some of
which may allow an attacker to cause a Denial of Service (DoS)
condition or force the client to revert to a less secure Transport
Layer Security (TLS) 1.0 protocol. The following updates are
available:
-OpenSSL 0.9.8 users should upgrade to 0.9.8zb
- OpenSSL 1.0.0 users should upgrade to 1.0.0n
- OpenSSL 1.0.1 users should upgrade to 1.0.1i
US-CERT recommends users and administrators review the OpenSSL
Security Advisory for additional information and apply the necessary
updates.
And here is a link to the security advisory - https://www.openssl.org/news/secadv_20140806.txt
Comments
They said its not such a big security issue like lastime so.
Looks like after "heartbleed" bug every company hired internal developers to review the code of openssl.
That's actually good thing for open source software.
Time to upgrade..
A good thing only if they contribute back
Looks like Debian hasn't updated their repos yet, but Ubuntu has (at least on 12.04).
Debian has already updated, i patched some servers already.
For what I'm seeing, CentOS 6.5 has not yet updated their repos.
Yep, you are right.