New release for OpenSSL to fix several security vulnerabilities

Heartbleed was not the last security vulnerability in OpenSSL; new and critical security issues continue to be found in the OpenSSL library.

A new security advisory has been published that includes several high-severity vulnerabilities requiring a security update of OpenSSL. The first vulnerability: if a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.

The second vulnerability is very close to the FREAK vulnerability, which allows an attacker to perform a MITM attack against a server that supports RSA export ciphersuites. The remaining vulnerabilities are ranked from moderate to low, and the developers also fixed them in this release.
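To check whether a cipher string still enables the RSA export ciphersuites mentioned above, the following added example (not part of the original post) filters `openssl ciphers -v` output for export-grade suites that use RSA key exchange. The function names are hypothetical and the sample lines are constructed in the column layout that command prints on 1.0.x builds.

```shell
#!/bin/sh
# Added example: flag export-grade RSA key-exchange suites in `openssl ciphers -v` output.

# Constructed sample lines (not captured from a real host).
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EOF
}

# Reads cipher lines on stdin; prints the names of suites that are
# export-grade AND use RSA key exchange (the combination the advisory concerns).
find_export_rsa() {
    awk '
        {
            kx = ""; is_export = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Kx=/) kx = substr($i, 4)
                if ($i == "export") is_export = 1
            }
            # Export RSA key exchange prints as Kx=RSA(512); an EXP- name prefix also counts.
            if (kx ~ /^RSA/ && (is_export || $1 ~ /^EXP-/)) print $1
        }'
}

# Returns 0 when no export RSA suite is enabled, 1 (with a report on stderr) otherwise.
audit_ciphers() {
    hits=$(find_export_rsa)
    [ -z "$hits" ] && return 0
    printf 'export RSA suite enabled: %s\n' $hits >&2
    return 1
}

# Demo on the constructed sample; prints the two offending suite names.
sample_ciphers | find_export_rsa
```

On a real host, pipe `openssl ciphers -v` with the server's configured cipher string into `audit_ciphers` and treat a non-zero exit as a finding.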

If you are using OpenSSL, make sure to update your packages and binaries to the latest version to fix these vulnerabilities. The new release advisory can be found at this link:
