The OpenSSL developers have updated announced that will fix a vulnerability in versions 1.0.2d and 1.0.1p software. Versions 1.0.0 or 0.9.8 are not vulnerable. The leak is classified as "high", which is the highest level for vulnerabilities that uses OpenSSL.
This relates to vulnerabilities allowing attackers to cause a denial of service, a large amount of server memory may leak or an attacker could execute arbitrary code remotely. What exactly will the announced update remedy has not been disclosed.OpenSSL is one of the most widely used software for encrypting Internet connections, for example between websites and their visitors. Last April the Heart Bleed very serious bug was discovered in OpenSSL, allowing attackers memory information from Web servers to steal, such as passwords. The update is available from Thursday, July 9th.
No comments:
Post a Comment