OpenSSL New Buffer Overrun Attack
OpenSSL core team informed about a new vulnerability in OpenSSL based TLS server. Users of all OpenSSL 0.9.8 are invited to upgrade immediately to OpenSSL 0.9.8p, in which the bug has been fixed. And Users of OpenSSL 1.0.0 and 1.0.0a are also invited to upgrade to 1.0.0b.
If upgrading is not immediately possible, you can use the relevant source code patch provided at the advisory. As reported in the announcement only multi-threaded programs that uses caching mechanism built into OpenSSL are vulnerable. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.
For more information you can read the Security Advisory:
http://www.openssl.org/news/secadv_20101116.txt
make sure you subscribe to my RSS feed!
[…] This post was mentioned on Twitter by Jovi Umawing, Seeb, Everson Tavares, Mourad ben lakhoua, Mourad Ben Lakhoua and others. Mourad Ben Lakhoua said: OpenSSL New Buffer Overrun Attack: OpenSSL core team informed about a new vulnerability in OpenSSL base… http://bit.ly/cCtHcY […]
RT @StopMalvertisin: OpenSSL New Buffer Overrun Attack http://bit.ly/bsjaSE | SecTechno
OpenSSL New Buffer Overrun Attack http://bit.ly/bsjaSE | SecTechno
OpenSSL New Buffer Overrun Attack: [sectechno.com] #core_team informed about a new #vulnerability in OpenSSL based… http://dlvr.it/8mrlh
RT @sectechno: OpenSSL New Buffer Overrun Attack http://www.sectechno.com/2010/11/18/openssl-new-buffer-overrun-attack/ #security #infosec
RT @sectechno: OpenSSL New Buffer Overrun Attack http://www.sectechno.com/2010/11/18/openssl-new-buffer-overrun-attack/ http://fb.me/FJ2 …
OpenSSL New Buffer Overrun Attack http://www.sectechno.com/2010/11/18/openssl-new-buffer-overrun-attack/ http://fb.me/FJ2HyCdk
OpenSSL New Buffer Overrun Attack:
OpenSSL core team informed about a new vulnerability in OpenSSL base… http://bit.ly/cCtHcY
[SecTechno] OpenSSL New Buffer Overrun Attack http://bit.ly/cCtHcY #security
#Security #infosec OpenSSL New Buffer Overrun Attack:
OpenSSL core team informed about a new vulnerabil… http://bit.ly/cCtHcY
OpenSSL New Buffer Overrun Attack http://bit.ly/cCtHcY