Freeware Files | Download Free Software

Friday, 06 June 2014 15:29

OpenSSL patch fixes 7 vulnerabilities

Rate this item
(1 Vote)

Good news for those who fear being victims of any OpenSSL vulnerability.

Since the discovery of the Heartbleed bug, security experts are pouring over its source code, in a bid to tidy up what could be described as a messy coding chaos.

And the first patches have followed swiftly. The OpenSSL open source project has issued a security patch that aims to fix 7 vulnerabilities, 2 of which have been deemed critical by the SAMS Internet Storm Center.

The first one is a so-called man-in-the-middle flaw, using a OpenSSL exploit to tamper with traffic between clients and servers.

It was discovered by Japanese researcher Masashi Kikuchi from security company Lepidum and has been around for over 16 years, since the very inception of OpenSSL.

Kikuchi blames the insufficient number of code reviews as well as the lack of experience of reviewers for the time it took to unearth this vulnerability.

Another critical flaw was identified six weeks ago and is classified as a "Datagram Transport Layer Security (DTLS) invalid fragment vulnerability", which is a buffer overrun attack, allowing an arbitrary code to be executed on the compromised host.

Source

Subscribe via RSS or Email:

 
Read 1716 times Last modified on Friday, 06 June 2014 18:52

Comments   

0 #1 Michael A 2014-06-07 18:47
AFAIR the patch was available one day after the discovery of heartbleed. That normal with Free Software.

Only mislead users of commercial scrap have to wait months or years before well known security breaches get closed.
Quote
  1. Latest News
  2. Most Popular
  3. Top Rated
  4. Latest Comments
  • Michael A
    Why they do not shut down the company that provides the faulty patchwork systems that make such malware first possible? No, not because of a faulty ...

    Read more...

     
  • Moubreb
    The people at any router between You and facebook can read Your communication if: 1. You're using an http: connection 2. A fake facebook certificate ...

    Read more...

     
  • theoctagon
    You could always just use what's already baked in: Android Device Manager. https://www.google.com/android/devicemanager

    Read more...

     
  • Michael A
    AFAIR the patch was available one day after the discovery of heartbleed. That normal with Free Software. Only mislead users of commercial scrap have ...

    Read more...

next
prev

Quick Search

Powered by Liquidtroll
Prev Next

Europe Union moves aginst Google for users privacy statement

18-10-2012 Hits:1554 Latest Panagiotis K. - avatar Panagiotis K.

Europe Union moves aginst Google for users privacy statement

After nine months of searching for ways in which Google collect user data for commercial purposes, the European Union intends to push the company to change its methods. Twelve recommendations have...

OS X 10.10 expected to receive a major redesign this year

06-05-2014 Hits:1692 Apple Vasia L. - avatar Vasia L.

OS X 10.10 expected to receive a major redesign this year

A report claims that Apple will greatly focus on the changes and improvements it has made in the next major update of OS X at this year’s WWDC. The next OS X...

The Best Android Games: 12 Must-Play Titles

06-11-2013 Hits:1562 Games George Q - avatar George Q

The Best Android Games: 12 Must-Play Titles

Google's mobile OS keeps proliferating on more and more handsets and the games hitting that hardware keep getting better. Among our picks are Angry Birds Star Wars II, which is a...

Master Windows 8 gesture commands

01-04-2014 Hits:871 Microsoft Panagiotis K. - avatar Panagiotis K.

Master Windows 8 gesture commands

Windows 8 has a few new features (like the charms menu, the Start screen, and gesture commands) which may seem pointless or needlessly confusing at first blush. Experienced Windows users running...

Solar Roadways project aims to make the road network more energy-efficient

29-05-2014 Hits:1198 Latest Panagiotis K. - avatar Panagiotis K.

Solar Roadways project aims to make the road network more energy-efficient

Renewable energy is all the rage, but there’s a way to integrate renewable technologies with existing ones that we use every day. Take for instance roads. The Solar Roadways project aims...