OpenSSL Security Update Patches Denial of Service Vulnerability

January 9, 2015 | By K. Joseph Breheny

OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.

The OpenSSL security update addresses a vulnerability where sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

OpenSSL is an open-source implementation of the SSL and TLS protocols that are used to create secure, encrypted communication between clients and servers. As of 2014, two thirds of all webservers use OpenSSL.

In the past year, OpenSSL has come under closer scrutiny because of several high profile vulnerabilities, including the so called Heartbeat and Poodle bugs which hackers could be exploit to intercept and read messages.

Updates Available

The following updates are available:
OpenSSL 1.0.1k for 1.0.1 users
OpenSSL 1.0.0p for 1.0.0 users
OpenSSL 0.9.8zd for 0.9.8 users

Be Sociable, Share!

    Add new comment

    Your name

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>