OpenSSL Affected By Four More Security Vulnerabilities
The OpenSSL project made public today four new security advisories. Three of the issues are considered of moderate severity while one is low.
One issue is about BN_mod_exp producing incorrect results on xx86_64, a certificate verify crash with missing PSS parameter, X509_ATTRIBUTE memoryl eak, and the low issue is a race condition handling PSK identify hint.
New versions of OpenSSL 0.9.8 and 1.0.0 series are released, but these are anticipated to be the last security fixes to be released in those series. Users are encouraged to upgrade.
More details via the OpenSSL.org security advisory.
One issue is about BN_mod_exp producing incorrect results on xx86_64, a certificate verify crash with missing PSS parameter, X509_ATTRIBUTE memoryl eak, and the low issue is a race condition handling PSK identify hint.
New versions of OpenSSL 0.9.8 and 1.0.0 series are released, but these are anticipated to be the last security fixes to be released in those series. Users are encouraged to upgrade.
More details via the OpenSSL.org security advisory.
13 Comments