The mystery high-severity flaw that people were expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.
Earlier this week, the OpenSSL Project advised users that patches scheduled to be released Thursday will address several security flaws, one of which was classified as high severity. The announcement gave rise to speculation and some people thought the upcoming vulnerability might have wide-ranging impact, on par with the critical Heartbleed flaw disclosed last April, which affected Web servers, client software, mobile apps and even hardware appliances.
OpenSSL released versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf Thursday to address 12 flaws, but not all OpenSSL versions were affected by all 12 flaws.
The most serious of those vulnerabilities is tracked as CVE-2015-0291 and can lead to denial-of-service attacks. The issue only affects the 1.0.2 branch of OpenSSL.
Read the Full Article: Source – Computer World
http://www.computerworld.com/article/2899482/openssl-fixes-serious-denial-of-service-bug-11-other-flaws.html
Leave a Reply
You must be logged in to post a comment.