[SECURITY] OpenSSL 1.0.1h

interfasys

Now that lots of people are reviewing the code of OpenSSL, we're bound to see lots of these updates in the coming months...

Here is what 1.0.1h fixes:
  • SSL/TLS MITM vulnerability
  • DTLS recursion flaw
  • DTLS invalid fragment vulnerability
  • SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
  • SSL_MODE_RELEASE_BUFFERS session injection or denial of service
  • Anonymous ECDH denial of service


https://www.openssl.org/news/secadv_20140605.txt
 
OK, what's the best way to upgrade other than via the OS package managers, which are slow at rolling stuff out?
 
It seems both CentOS 5 and CentOS 6 have already patched versions of OpenSSL. Just upgraded some servers already.
 