Some OpenSSL versions suffered serious leak – Update




The OpenSSL developers spend Thursday a new version of their software, which requires to fix a serious security problem. Especially servers use OpenSSL to provide SSL / TLS connections.

Lack ssl The developers are not yet known to what exactly the problem is. They report , however, that the leak has been classified as ‘serious’. This means that the chance that attackers exploit it. The next 1.0.2d- and 1.0.1p releases fix the leak, which has affected all versions except 1.0.0 and 0.9.8.

Servers often use OpenSSL to provide SSL and TLS connections. Also, some browsers and operating systems to end users such as Linux distributions, use the SSL library. Google used OpenSSL to last year Chrome OS and Android, but eventually made its own implementation of the software.

The OpenSSL Project is a turbulent time behind us. Last year took the so-called Heart Bleed bug causes a portion of the internal memory of servers and clients was read out by OpenSSL. The bug unleashed a storm of criticism on OpenSSL, which would be poorly maintained. Later turned OpenSSL least still contain a serious leak.

Update, 20:25 am – 1.0.2d- and 1.0.1p releases fix the leak right, instead of what was written earlier. The article has been adjusted accordingly.


In: Technology & Gadgets Asked By: [17595 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »