
OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.

The OpenSSL security update addresses a vulnerability in which sending an invalid DTLS handshake to an OpenSSL DTLS client can make the code recurse and eventually crash, resulting in a DoS attack.

OpenSSL is an open-source implementation of the SSL and TLS protocols, which are used to create secure, encrypted communication between clients and servers. As of 2014, two-thirds of all web servers use OpenSSL.

In the past year, OpenSSL has come under closer scrutiny because of several high-profile vulnerabilities, including the so-called Heartbeat and Poodle bugs, which hackers could exploit to intercept and read messages.

Updates Available

The following updates are available:
OpenSSL 1.0.1k for 1.0.1 users
OpenSSL 1.0.0p for 1.0.0 users
OpenSSL 0.9.8zd for 0.9.8 users
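
To check a host against the list above, the following added example (not part of the original post or of the OpenSSL project) compares a version string with the fixed release for its branch. The function names are hypothetical, and it assumes OpenSSL's letter scheme in which "z" is followed by "za", "zb" and so on.

```shell
#!/bin/sh
# Added example: compare an OpenSSL version string with the fixed releases
# listed in this post (1.0.1k, 1.0.0p, 0.9.8zd). Function names are hypothetical.

# Turn a letter suffix into a number so releases can be ordered:
# "" -> 0, a -> 1 ... z -> 26, za -> 27, zd -> 30 (assumes leading letters are "z").
letter_rank() {
    awk -v s="$1" 'BEGIN {
        n = length(s)
        if (n == 0) { print 0; exit }
        print 26 * (n - 1) + index("abcdefghijklmnopqrstuvwxyz", substr(s, n, 1))
    }'
}

# Print "patched", "vulnerable", or "unknown" (branch not listed in the post).
check_openssl_version() {
    # Split e.g. "1.0.1e-fips" into branch "1.0.1" and letter suffix "e".
    parsed=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9]*\.[0-9]*\.[0-9]*\)\([a-z]*\).*$/\1 \2/p')
    branch=${parsed%% *}
    suffix=${parsed#* }
    case $branch in
        1.0.1) fixed=k ;;
        1.0.0) fixed=p ;;
        0.9.8) fixed=zd ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$(letter_rank "$suffix")" -ge "$(letter_rank "$fixed")" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Check the locally installed binary when one is on PATH.
if command -v openssl >/dev/null 2>&1; then
    installed=$(openssl version | awk '{print $2}')
    echo "installed $installed: $(check_openssl_version "$installed")"
fi
```

Distribution packages often backport fixes without changing the upstream version letter, so a "vulnerable" result on a vendor build should be confirmed against the vendor's own advisory.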