Freeware Files | Download Free Software

Friday, 06 June 2014 15:29

OpenSSL patch fixes 7 vulnerabilities

Good news for those who fear being victims of any OpenSSL vulnerability.

Since the discovery of the Heartbleed bug, security experts have been poring over the OpenSSL source code in a bid to tidy up what could be described as messy coding chaos.

And the first patches have followed swiftly. The OpenSSL open source project has issued a security patch that aims to fix 7 vulnerabilities, 2 of which have been deemed critical by the SANS Internet Storm Center.

The first one is a so-called man-in-the-middle flaw, in which an OpenSSL exploit is used to tamper with traffic between clients and servers.

It was discovered by Japanese researcher Masashi Kikuchi from security company Lepidum and has been around for over 16 years, since the very inception of OpenSSL.

Kikuchi blames the insufficient number of code reviews as well as the lack of experience of reviewers for the time it took to unearth this vulnerability.

Another critical flaw was identified six weeks ago and is classified as a "Datagram Transport Layer Security (DTLS) invalid fragment vulnerability". It is a buffer overrun that allows arbitrary code to be executed on the compromised host.

Last modified on Friday, 06 June 2014 18:52

Comments   

0 #1 Michael A 2014-06-07 18:47
AFAIR the patch was available one day after the discovery of heartbleed. That's normal with Free Software.

Only misled users of commercial scrap have to wait months or years before well known security breaches get closed.