Skip to main content

​Another day, another OpenSSL patch

posted onJuly 13, 2015
by l33tdawg
Credit:

The latest OpenSSL security hole isn't a bad one as these things go. It's no Heartbleed, Freak, or Logjam. But it's serious enough that, if you're running alpha or beta operating systems, you shouldn't delay patching it.

Fortunately, the affected OpenSSL versions are not commonly used in enterprise operating systems. For example, it doesn't impact shipping and supported versions of Red Hat Enterprise Linux (RHEL) or Ubuntu. In the case of Ubuntu, it does affect the 15.10 development release, but the patch is already available.

In this OpenSSL bug, when OpenSSL (starting from version 1.0.1n and 1.0.2b) starts to verify a certificate, if its first attempt to build a secure certificate chain fails, it will attempt to find an alternative certificate chain. So far, so good.

Source

Tags

SSL Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th