Tuesday 17 March 2015

Important Security Update For OpenSSL Announced


The OpenSSL developers have an important security announced Thursday that appears and fixes multiple vulnerabilities. One of these vulnerabilities as "high" classified, which the highest level for vulnerabilities that uses OpenSSL.

It is about vulnerabilities allowing attackers to cause a denial of service, a large amount of server memory leak or an attacker could execute arbitrary code remotely. What exactly the announced update will remedy is not yet published. OpenSSL is one of the most widely used software for encrypting Internet connections, for example between websites and their visitors. Last April the very serious Heartbleed bug was discovered in OpenSSL, which attackers information from the memory of web servers could steal, such as passwords.

Mark Cox OpenSSL lets via Twitter that the critical vulnerability is only present in OpenSSL 1.0.2. The problems in the other versions of OpenSSL as "moderate" and "low" rated and therefore also have a much lower impact. OpenSSL 1.0.2 is a new version on January 22 appeared and packed with new features. On many systems, this particular version is installed is unknown.

No comments:

Post a Comment