OpenSSL comes this week with Patch leak with high risk




The project team behind OpenSSL comes this week with a patch for two vulnerabilities, including one in the category “high” when it comes to the severity of the leak. This is a level below “critical”. It is not yet clear what vulnerabilities are involved.

SSL lock (fpa) Versions must eliminate the vulnerabilities 1.0.2f and 1.0.1r, this coming Thursday available. There are no further details are known, only that it involves two vulnerabilities with the assessment ‘high’ and ‘low’. OpenSSL uses four levels to assess the severity of a vulnerability, which “layer” is the lowest level and “critical” the highest level. It is therefore recommended to carry out an update, if the patch is available.

OpenSSL came in April 2014 in the news because of the critical Heart Bleed bug, which made ​​it possible to read out the internal memory of a Web server. Often vulnerabilities in OpenSSL big impact. The software is for example at more than 98 percent of all Debian machines, this is a version of Linux that is popular for use in servers. These use OpenSSL to provide secure SSL and TLS connections. Google used since 2014 as a fork of the software, called BoringSSL.


In: A Technology & Gadgets Asked By: [21995 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »