OpenSSL New Buffer Overrun Attack


OpenSSL core team informed about a new vulnerability in OpenSSL based TLS server. Users of all OpenSSL 0.9.8 are invited to upgrade immediately to OpenSSL 0.9.8p, in which the bug has been fixed. And Users of OpenSSL 1.0.0 and 1.0.0a are also invited to upgrade to 1.0.0b.

If upgrading is not immediately possible, you can use the relevant source code patch provided at the advisory. As reported in the announcement only multi-threaded programs that uses caching mechanism built into OpenSSL are vulnerable. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.

For more information you can read the Security Advisory:
http://www.openssl.org/news/secadv_20101116.txt

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] This post was mentioned on Twitter by Jovi Umawing, Seeb, Everson Tavares, Mourad ben lakhoua, Mourad Ben Lakhoua and others. Mourad Ben Lakhoua said: OpenSSL New Buffer Overrun Attack: OpenSSL core team informed about a new vulnerability in OpenSSL base… http://bit.ly/cCtHcY […]

trackback

RT @StopMalvertisin: OpenSSL New Buffer Overrun Attack http://bit.ly/bsjaSE | SecTechno

trackback

OpenSSL New Buffer Overrun Attack http://bit.ly/bsjaSE | SecTechno

trackback

OpenSSL New Buffer Overrun Attack: [sectechno.com] #core_team informed about a new #vulnerability in OpenSSL based… http://dlvr.it/8mrlh

trackback

RT @sectechno: OpenSSL New Buffer Overrun Attack https://www.sectechno.com/2010/11/18/openssl-new-buffer-overrun-attack/ #security #infosec

trackback
trackback
trackback

OpenSSL New Buffer Overrun Attack:

OpenSSL core team informed about a new vulnerability in OpenSSL base… http://bit.ly/cCtHcY

trackback

[SecTechno] OpenSSL New Buffer Overrun Attack http://bit.ly/cCtHcY #security

trackback

#Security #infosec OpenSSL New Buffer Overrun Attack:

OpenSSL core team informed about a new vulnerabil… http://bit.ly/cCtHcY

trackback

OpenSSL New Buffer Overrun Attack http://bit.ly/cCtHcY