OpenSSL Patches Multiple Vulnerabilities
Original release date: June 12, 2015
from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1B7Y3Yh
OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.
Updates available include:
- OpenSSL 1.0.2b for 1.0.2 users
- OpenSSL 1.0.1n for 1.0.1 users
- OpenSSL 1.0.0s for 1.0.0d (and below) users
- OpenSSL 0.9.8zg for 0.9.8r (and below) users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1B7Y3Yh