
OpenSSL fixes another severe vulnerability

posted on June 5, 2014
by l33tdawg

The OpenSSL project has reported fixes for several vulnerabilities, at least one of them serious.

The most significant is the SSL/TLS MITM vulnerability (CVE-2014-0224). Unlike Heartbleed, which had been introduced into the program not long before, it affects all versions of OpenSSL, including those that were patched to fix Heartbleed.

All client versions of OpenSSL are vulnerable. OpenSSL servers are only known to be vulnerable in versions 1.0.1 and 1.0.2-beta1. The bug was discovered by KIKUCHI Masashi (Lepidum Co. Ltd.) and reported to OpenSSL on May 1 via JPCERT/CC. Kikuchi has published his own explanation of the bug.

OpenSSL provides this advice:

  •     OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
  •     OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m
  •     OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h
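
As an added example (not from the article or the OpenSSL project), this sketch checks an `openssl version` banner against the three fixed releases listed above. The function names and the sample banners are constructed for illustration, and OpenSSL's patch-letter order (a to z, then za, zb, ...) is the only rule it relies on.

```python
import re

# Fixed releases named in the advice above, keyed by release branch.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from a version banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def letter_rank(letters):
    # Patch letters run a..z, then za, zb, ... so length sorts before content:
    # "" < "a" < "z" < "za".
    return (len(letters), letters)


def status(text):
    """Return 'fixed', 'upgrade to X', or 'unknown branch' for a banner."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        # e.g. 1.0.2-beta1: the advice above names no fixed release for it.
        return "unknown branch"
    if letter_rank(letters) >= letter_rank(fixed):
        return "fixed"
    return "upgrade to %d.%d.%d%s" % (*branch, fixed)


if __name__ == "__main__":
    # Constructed sample banners, in the format `openssl version` prints.
    samples = [
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.2-beta1 24 Feb 2014",
    ]
    for banner in samples:
        print(f"{banner:36} -> {status(banner)}")
```

Distribution packages often backport fixes without changing the version string, so treat the banner as a first pass and confirm against the vendor's advisory for the installed package.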
