OpenSSL Security Updates – Severity: High

openssl updates by version

A new set of security updates for OpenSSL was released this morning to address various security vulnerabilities, some of which are considered “high” severity. Please update as soon as possible. To update, watch for Linux distribution updates via package managers such as yum and apt-get. Control panel updates for cPanel and others will be released over the next few days.

Official update: https://openssl.org/news/secadv_20150319.txt

The main bug is a denial-of-service condition that affects only version 1.0.2. OpenSSL also re-categorized the FREAK vulnerability as high. This bug allows an attacker to downgrade crypto on a server to 512 bits, intercept encrypted traffic, and decrypt it. OpenSSL was notified on Oct. 22 about FREAK, which stands for Factoring Related Attack on RSA Keys. A dozen other vulnerabilities (nine ranked moderate and three low) in older versions were also patched today.
 
 
 
* Chart from Spyros3000