ID: IRCNE2012011381
Date: 2012-01-21
According to Computerworld, the OpenSSL Project has released new versions of the popular OpenSSL library to address a denial-of-service (DoS) vulnerability that was introduced by a critical patch issued on Jan. 6.
"A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack," the OpenSSL developers warned in a newly published advisory. The issue has been addressed in the new OpenSSL 1.0.0g and 0.9.8t versions released on Wednesday.
CVE-2011-4108 refers to a serious vulnerability in OpenSSL's implementation of the DTLS (Datagram Transport Layer Security) protocol, which allows attackers to decrypt secured communications without knowing the encryption key.
Users who have not yet upgraded to OpenSSL 1.0.0f or 0.9.8s to protect their DTLS applications against CVE-2011-4108 are advised to upgrade directly to the newly released OpenSSL 1.0.0g or 0.9.8t.
OpenSSL is available for a wide variety of platforms, including Linux, Solaris, Mac OS X, BSD, Windows and OpenVMS. Some of these operating systems include OpenSSL by default and deliver updates for it through their own channels.
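The upgrade guidance above can be turned into a check on the string printed by `openssl version`. This is an added example, not part of the original advisory or of OpenSSL's own code; the function names, result labels and sample strings are assumptions made for illustration, and release lines other than 1.0.0 and 0.9.8 are reported as not covered by this text.

```python
import re

# Release lines and patch letters named in the advisory text above.
# "flawed" carries the CVE-2011-4108 fix that introduced the DoS;
# "fixed" is the first release that corrects it.
BRANCHES = {
    (1, 0, 0): {"flawed": "f", "fixed": "g"},
    (0, 9, 8): {"flawed": "s", "fixed": "t"},
}

# Legacy OpenSSL versions look like 1.0.0g or 0.9.8zh (number + patch letters).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from a version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL-style version in %r" % text)
    return tuple(int(m.group(i)) for i in (1, 2, 3)), m.group(4)


def letter_key(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def classify(text):
    """Classify a version string against the releases named in the advisory."""
    branch, patch = parse_version(text)
    info = BRANCHES.get(branch)
    if info is None:
        return "not-covered"                # release line not discussed here
    if letter_key(patch) >= letter_key(info["fixed"]):
        return "fixed"                      # 1.0.0g / 0.9.8t or later
    if patch == info["flawed"]:
        return "dos-regression"             # 1.0.0f / 0.9.8s
    return "missing-cve-2011-4108-fix"      # older than the Jan. 6 patch


if __name__ == "__main__":
    # Constructed sample strings in the shape of `openssl version` output.
    samples = ["OpenSSL 1.0.0e", "OpenSSL 1.0.0f", "OpenSSL 1.0.0g",
               "OpenSSL 0.9.8s", "OpenSSL 0.9.8zh", "OpenSSL 1.0.1"]
    for s in samples:
        print("%-18s %s" % (s, classify(s)))
```

Operating systems that ship OpenSSL through their own channels may backport fixes without changing the upstream version letter, so on those systems the vendor's package advisory is the authoritative source rather than this string comparison.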