OpenSSL Security Advisory

July 10, 2015 | By Editor

OpenSSL has recently disclosed a high severity vulnerability that may require you to upgrade your version of OpenSSL.

Comodo anticipates this flaw will only affect a small percentage of installations, largely because the bug only affects those that installed the OpenSSL release from June 2015. There are no reports of this bug being exploited in the wild.


Affected OpenSSL versions

1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

What is the flaw?

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

How do I fix it?

Any systems using one of the vulnerable versions listed above need to be upgraded as follows:

– OpenSSL 1.0.2b/1.0.2c users should upgrade to OpenSSL 1.0.2d

– OpenSSL 1.0.1n/1.0.1o users should upgrade to OpenSSL 1.0.1p

If you are not running one of the versions listed above, no action is required.

Red Hat has also announced that no Red Hat products are affected by the flaw described in CVE-2015-1793. It is expected that CentOS and Ubuntu are also not impacted.
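The version check that the upgrade list above implies, written here as an added example rather than anything from the Comodo advisory or the OpenSSL project. It assumes the banner format printed by `openssl version` ("OpenSSL 1.0.2c 12 Jun 2015"), names the functions `openssl_version_token`, `cve_2015_1793_status` and `check_local_openssl` itself, and is only meaningful for upstream builds: as the Red Hat note above shows, distribution packages with backported fixes keep older version strings and must be judged by the vendor's own advisory.

```shell
#!/bin/sh
# Constructed example: decide from an OpenSSL version string whether the
# install is one of the releases the advisory lists for CVE-2015-1793.

# Extract the version token from the "openssl version" banner,
# e.g. "OpenSSL 1.0.2c 12 Jun 2015" -> "1.0.2c". A build suffix such as
# "-fips" is dropped so the bare release letter can be compared.
openssl_version_token() {
    set -- $1                  # split the banner on whitespace
    printf '%s\n' "${2%%-*}"   # word 2 is the version; strip any "-suffix"
}

# Print the fixed release the advisory points to for an affected version,
# or "none" when the version is not on the affected list. Returns 1 when
# affected so the function can gate a script with `if`.
cve_2015_1793_status() {
    case "$1" in
        1.0.2b|1.0.2c) echo "1.0.2d"; return 1 ;;
        1.0.1n|1.0.1o) echo "1.0.1p"; return 1 ;;
        *)             echo "none";   return 0 ;;
    esac
}

# Check the OpenSSL binary on PATH, if any. Caveat: a distribution build
# that backported the fix (see the Red Hat note above) keeps its old
# version string and will be reported by this function like any other
# unlisted version; consult the vendor advisory for those packages.
check_local_openssl() {
    banner=$(openssl version 2>/dev/null) || { echo "no openssl binary on PATH"; return 0; }
    ver=$(openssl_version_token "$banner")
    if fixed=$(cve_2015_1793_status "$ver"); then
        echo "$banner: not on the CVE-2015-1793 affected list"
        return 0
    fi
    echo "$banner: affected by CVE-2015-1793, upgrade to OpenSSL $fixed"
    return 1
}
```

Source the file and call `check_local_openssl`; its exit status is 1 when an upgrade is needed, so it can be dropped into a fleet audit script as-is.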

The full announcement from OpenSSL is here

As always, Comodo is available to offer help and advice to our customers should they have further questions.


The Comodo CA team

