OpenSSL Patching Vulnerabilities

Wednesday, March 18, 2015 @ 12:03 PM gHale


New versions of OpenSSL will release Thursday to patch security vulnerabilities, one of which is highly serious, said members of the OpenSSL Project Team.

The updates will be in OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, according to an advisory.

RELATED STORIES
Apple Gets the FREAK Out
Patch Tuesday Features FREAK Focus
Difficult to Detect Exploit Kit
FREAK Affects All Windows Versions

Problems ended up discovered over the last year in OpenSSL, a widely used open-source software that encrypts communications using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol.

OpenSSL has been undergoing a security audit since the Heartbleed flaw ended up discovered last April. The vulnerability is a serious issue that can leak memory from a server, potentially exposing login credentials, cryptographic keys and other private data.

The software also suffered from FREAK, a flaw revealed earlier this month that can allow an attacker to initiate a weaker type of encrypted connection that is possible to compromise easily.



Leave a Reply

You must be logged in to post a comment.