Jump to content


OpenSSL patch fixes 7 vulnerabilities

  • Please log in to reply
No replies to this topic

OFFLINE   sincity


    Advanced Member

  • Members
  • PipPipPipPip
  • 2980 posts
Getting Better
OpenSSL patch fixes 7 vulnerabilities

Good news for those who fear being victims of any OpenSSL vulnerability. Since the discovery of the Heartbleed bug, security experts are pouring over its source code, in a bid to tidy up what could be described as a messy coding chaos.

And the first patches have followed swiftly. The OpenSSL open source project has issued a security patch that aims to fix 7 vulnerabilities, 2 of which have been deemed critical by the SAMS Internet Storm Center.

The first one is a so-called man-in-the-middle flaw, using a OpenSSL exploit to tamper with traffic between clients and servers.

It was discovered by Japanese researcher Masashi Kikuchi from security company Lepidum and has been around for over 16 years, since the very inception of OpenSSL.

Kikuchi blames the insufficient number of code reviews as well as the lack of experience of reviewers for the time it took to unearth this vulnerability.

Another critical flaw was identified six weeks ago and is classified as a "Datagram Transport Layer Security (DTLS) invalid fragment vulnerability", which is a buffer overrun attack, allowing an arbitrary code to be executed on the compromised host.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users