[Skip navigation links]

New serious openssl vulnerabilities

OpenSSL has announced several new vulnerabilities that affect clients and servers that use OpenSSL.

The various vulnerabilities, if exploited, would allow an attacker to:

  • conduct a man-in-the-middle attack
  • deny service
  • execute arbitrary code.

 

As this was a properly coordinated release, many vendors already have patches including RedtHat, Debian and others.

Details of the vulnerability are: http://www.openssl.org/news/secadv_20140605.txt

SANS analysis is here: https://isc.sans.edu/diary/Critical+OpenSSL+Patch+Available.+Patch+Now!/18211

ThreatPost https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470