Number: IRCNE2015032458
Date: 2015/03/20
According to “zdnet”,two "high" severity flaws have been fixed in the latest version of OpenSSL.
The development project released versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf on Thursday after a number of flaws were reported privately.
One of the most severe flaws could be exploited to launch a denial-of-service attack against a server running the affected 1.0.2 version of the software.
The second flaw was initially classified as "low" priority, but was upgraded after recent studies showed that server RSA export ciphersuite support is not as rare as first thought.A total of 12 vulnerabilities were patched in this release.
OpenSSL serves as one of the most popular open-source and widely available toolkits for implementing SSL and TLS. It's deployed at some of the largest and best-known services, including Facebook, Google, Yahoo, and across the federal government.
- 2