crtical update of openssl closes 8 vulnerabilities or are you waiting to get hacked ?

"The OpenSSL Project released OpenSSL 1.0.1k, OpenSSL 1.0.0p, and OpenSSL 0.9.8zd on Thursday – addressing eight vulnerabilities altogether, two of which could lead to denial-of-service (DoS) attacks and are deemed moderate in severity.


CVE-2014-3571 is a DTLS segmentation fault in dtls1_get_record, according to an advisory, which explains that a “carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer deference,” and could lead to a DoS attack. OpenSSL versions 1.0.1, 1.0.0 and 0.9.8 are affected.

00:33 Gepost in itsecurity | Permalink | Commentaren (0)

De commentaren zijn gesloten.