Announcement

Collapse
No announcement yet.

OpenSSL's Latest High Severity Issue Exposed

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    OpenSSL's Latest High Severity Issue Exposed

    Phoronix: OpenSSL's Latest High Severity Issue Exposed

    We heard another big OpenSSL vulnerability would be announced soon and today it's been made public: OpenSSL's latest "high" severity security vulnerability...

    OpenSSL's Latest High Severity Issue Exposed - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=OpenSSL-9-July-Flaw
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Oh, ffs. So vulnerability allowing bypassing entire cert trust system. I really wish they'd at least have the balls to use "means" there instead if "can mean". The security hole either exists or doesn't exists, there aren't maybe holes

    Comment

    • #3
      Hi Michael, is there news on the LibreSSL fork? I've been curious how that's progressing, and I would expect that resistance to this sort of new vulnerability is the exact reason for its existence. Is LibreSSL vulnerable to this one, for example?

      Comment

      • #4
        Originally posted by nanonyme View Post
        Oh, ffs. So vulnerability allowing bypassing entire cert trust system. I really wish they'd at least have the balls to use "means" there instead if "can mean". The security hole either exists or doesn't exists, there aren't maybe holes
        Just remember that every FOUND vulnerability is a vulnerability that will be squashed. Contrast this with closed source, similar severity of vulnerabilities certainly exist, they just may not EVER get found (or at least you never hear about them).

        Comment

        • #5
          Originally posted by droidhacker View Post

          Just remember that every FOUND vulnerability is a vulnerability that will be squashed. Contrast this with closed source, similar severity of vulnerabilities certainly exist, they just may not EVER get found (or at least you never hear about them).
          That's not the point. The point is that everybody keeps trying to play it off as a "it may or may not actually do this" when we all know it WILL do it.

          As mentioned earlier, has anybody taken a look at LibreSSL to see if this affects them?

          Comment

          • #6
            I am wondering about LibreSSL as well.

            Comment

            • #7
              LibreSSL is not vulnerable to CVE-2015-1793:
              'Not vulnerable to CVE-2015-1793' - MARC
              http://marc.info/?l=openbsd-tech&m=143645910727507&w=2

              Comment

              • #8
                Originally posted by Wingfeather View Post
                is there news on the LibreSSL fork?
                LibreSSL
                http://www.libressl.org/
                the main LibreSSL page

                ?LibreSSL 2.2.1 released July 8, 2015?


                Originally posted by Wingfeather View Post
                Is LibreSSL vulnerable to this one, for example?
                No, LibreSSL is immune: https://lwn.net/Articles/650644/rss?format=printable
                The idiots at OpenSSL managed to write this bug AFTER they started their so-called security effort.
                That's why OpenSSL is a waste of time and we all should move to Gentoo or Void Linux if established Linux distributors continue to insist on OpenSSL.

                Comment

                Previous template Next
                Working...
                X