Friday, June 6, 2014

OpenSSL Releases Security Advisory

Original release date: June 05, 2014

OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code.

The following updates are available:
OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h

US-CERT recommends users and administrators review Vulnerability Note VU#978508 and the OpenSSL advisory for additional information and apply the necessary updates.