Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google Log In with Steam Sign In
  • Create Account
Photo

OpenSSL patch fixes 7 vulnerabilities


  • Please log in to reply
No replies to this topic

#1
OFFLINE   sincity

sincity

    Advanced Member

  • Members
  • PipPipPipPip
  • 2089 posts
63
Getting Better
OpenSSL patch fixes 7 vulnerabilities

Good news for those who fear being victims of any OpenSSL vulnerability. Since the discovery of the Heartbleed bug, security experts are pouring over its source code, in a bid to tidy up what could be described as a messy coding chaos.

And the first patches have followed swiftly. The OpenSSL open source project has issued a security patch that aims to fix 7 vulnerabilities, 2 of which have been deemed critical by the SAMS Internet Storm Center.

The first one is a so-called man-in-the-middle flaw, using a OpenSSL exploit to tamper with traffic between clients and servers.

It was discovered by Japanese researcher Masashi Kikuchi from security company Lepidum and has been around for over 16 years, since the very inception of OpenSSL.

Kikuchi blames the insufficient number of code reviews as well as the lack of experience of reviewers for the time it took to unearth this vulnerability.

Another critical flaw was identified six weeks ago and is classified as a "Datagram Transport Layer Security (DTLS) invalid fragment vulnerability", which is a buffer overrun attack, allowing an arbitrary code to be executed on the compromised host.













0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users