OpenSSL Patches Vulnerabilities

Thursday, April 28, 2016 @ 02:04 PM gHale


The OpenSSL Project is getting ready to fix vulnerabilities affecting the crypto library.

OpenSSL versions 1.0.2h and 1.0.1t will be released Tuesday to patch flaws, including ones rated “high severity.”

Issues that have a high severity rating affect less common configurations or are less likely to be exploitable. The OpenSSL Project tries to address and fix these holes within a month.

OpenSSL versions 1.0.0 and 0.9.8 are no longer supported and they will not receive any security updates. Support for version 1.0.1 will end December 31.

This will be the third time this year that OpenSSL updates have been released. In late January, the OpenSSL Project fixed a high severity flaw that allows attackers to obtain information that can be used to decrypt secure traffic, and a low severity SSLv2 cipher issue.

Updates released in March addressed low, medium and high severity vulnerabilities, including “DROWN,” a serious flaw that can be exploited to crack encrypted communications.