OpenSSL contains one or more critical holes




The developers of OpenSSL roles Thursday a new version which should solve any serious security problems. Last year OpenSSL already faced with a large leak, causing the internal memory of servers could be read.

Lack ssl For whatever leak or leaks it goes, is not known; in the announcement of the release gives OpenSSL developer Matt Caswell just that one or more vulnerabilities are classified as ‘severe’. This classification is reserved for vulnerabilities whose chances are that they are being abused. These can be a denial of service, code execution or reading data from memory.

The bug can affect both servers and end users. OpenSSL is often used by servers to SSL / TLS connections to offer, but some browsers and operating systems for end users to use the SSL library. Below are the necessary Linux distributions. Google OpenSSL to last year in Chrome OS and Android, but the software has been forked to a private version. Which, however, is based on the code of OpenSSL, so that the vulnerability would systems still may be present.

Last year was a big bug in OpenSSL to the light . The Heartbleed bug made it possible to read out a portion of the internal memory of servers and clients with OpenSSL. The bug unleashed a storm of criticism on OpenSSL, which would be poorly maintained; Google and OpenBSD decided to forking the software. Incidentally vulnerabilities were also found in other SSL implementations last year.


In: Technology & Gadgets Asked By: [15446 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »