OpenSSL Patches Multiple Vulnerabilities

Original release date: June 12, 2015

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.

Updates available include:

  • OpenSSL 1.0.2b for 1.0.2 users
  • OpenSSL 1.0.1n for 1.0.1 users
  • OpenSSL 1.0.0s for 1.0.0d (and below) users
  • OpenSSL 0.9.8zg for 0.9.8r (and below) users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
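One way to triage hosts against the fixed releases listed above, as an added example that is not part of the original advisory or OpenSSL's own code: it parses `openssl version` output and compares the patch letter within each branch. The function name `classify` and the sample inventory are constructed for illustration, and the check assumes the version string reflects the upstream release.

```python
import re

# Fixed release letter per branch, taken from the update list above.
FIXED = {"1.0.2": "b", "1.0.1": "n", "1.0.0": "s", "0.9.8": "zg"}

# Matches e.g. "1.0.1f", "0.9.8zg", "1.0.1e-fips" (the "-fips" tag is ignored).
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def _letter_key(letters):
    # OpenSSL patch letters run a..z, then za, zb, ...; ordering by
    # (length, text) sorts "" < "a" < "z" < "za" < "zg".
    return (len(letters), letters)


def classify(version_text):
    """Return (status, fixed_release) for one `openssl version` string.

    Assumption: the string reflects the upstream release. Distribution
    packages can backport fixes without changing it, so treat
    "needs-update" as a prompt to check the vendor advisory.
    """
    match = _VERSION_RE.search(version_text)
    if match is None:
        return ("unparsed", None)
    branch, letters = match.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return ("branch-not-listed", None)
    if _letter_key(letters) >= _letter_key(fixed):
        return ("at-or-above-fix", branch + fixed)
    return ("needs-update", branch + fixed)


if __name__ == "__main__":
    # Constructed inventory: host name -> output of `openssl version`.
    inventory = {
        "web01": "OpenSSL 1.0.1f 6 Jan 2014",
        "web02": "OpenSSL 1.0.2b 11 Jun 2015",
        "mail01": "OpenSSL 0.9.8zf 19 Mar 2015",
        "db01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "build01": "OpenSSL 1.1.0 (constructed, branch not in the list)",
    }
    for host, text in sorted(inventory.items()):
        status, target = classify(text)
        print(f"{host:8} {status:18} target={target or '-'}  ({text})")
```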


from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1B7Y3Yh