Find a Question:
OpenSSL comes this week with Patch leak with high risk
The project team behind OpenSSL comes this week with a patch for two vulnerabilities, including one in the category “high” when it comes to the severity of the leak. This is a level below “critical”. It is not yet clear what vulnerabilities are involved.
SSL lock (fpa) Versions must eliminate the vulnerabilities 1.0.2f and 1.0.1r, this coming Thursday available. There are no further details are known, only that it involves two vulnerabilities with the assessment ‘high’ and ‘low’. OpenSSL uses four levels to assess the severity of a vulnerability, which “layer” is the lowest level and “critical” the highest level. It is therefore recommended to carry out an update, if the patch is available.
OpenSSL came in April 2014 in the news because of the critical Heart Bleed bug, which made it possible to read out the internal memory of a Web server. Often vulnerabilities in OpenSSL big impact. The software is for example at more than 98 percent of all Debian machines, this is a version of Linux that is popular for use in servers. These use OpenSSL to provide secure SSL and TLS connections. Google used since 2014 as a fork of the software, called BoringSSL.Viewing:-182
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!