It is currently 15-12-2017 15:14

Update OpenSSL 1.0 a, 1.0.1 and 1.0.2 i u fix multiple vulnerabilities will be available on September 22

Update OpenSSL 1.0 a, 1.0.1 and 1.0.2 i u fix multiple vulnerabilities will be available on September 22

by sigismund » 2016-09-20 22:15:03


One of the problems classified as high severity.


The OpenSSL Project team announced the release of corrective releases of OpenSSL 1.0 a, 1.0.1 and 1.0.2 i u, contains fixes for multiple security vulnerabilities. The developers did not elaborate on what problems it is, however, noted that one classified as high-severity. Release updates planned for September 22 this year.

Developers are also reminded of the discontinuance of the branch 1.0.1. After 31 December 2016 updates for this version of the library will not be issued.

According to the security policy OpenSSL the details about threat vulnerabilities are kept secret until the release of the updated software versions on all supported platforms. Usually errors a high degree of risk developers solve within a month, is critical – as soon as possible.

This year, the developers have eliminated a number of dangerous vulnerabilities in the OpenSSL library. In particular, in January was fixed the vulnerability that existed because of an error in the implementation of Diffie-Hellman, which in some cases led to the re-use of the same primes. In March, fixed the problem, CVE-2016-0800, allows you to make a new attack on HTTPS – DROWN (Decrypting RSA with Obsolete and Weakened eNcryption).
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5