728x90
An OpenSSL security advisory issued earlier today on Thursday 2015-06-11 [1]. According to the advisory users should upgrade OpenSSL to fix vulnerabliities that could be exploited by a Logjam attack [2].
The issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
- OpenSSL 1.0.2 users should upgrade to 1.0.2b
- OpenSSL 1.0.1 users should upgrade to 1.0.1n
- OpenSSL 1.0.0 users should upgrade to 1.0.0s
- OpenSSL 0.9.8 users should upgrade to 0.9.8zg
Related vulnerabilities from the announcement:
Of note, support for OpenSSL versions 1.0.0 and 0.9.8 will cease at the end of the year on 2015-12-31. No security updates for 1.0.0 and 0.9.8 will be provided after that. Users are advised to upgrade to the latest versions of 1.0.1 or 1.0.2.
References:
[1] http://openssl.org/news/secadv_20150611.txt
[2] https://weakdh.org/
728x90
'취약점 정보1' 카테고리의 다른 글
| OpenSSL 취약점 보안업데이트 권고 (0) | 2015.07.11 |
|---|---|
| Cisco default credentials - again! (0) | 2015.06.27 |
| Samsung Galaxy S phones fail to properly validate Swiftkey language pack updates (0) | 2015.06.17 |
| 블루코트 ssl취약점 (0) | 2015.06.02 |
| Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS (0) | 2015.05.21 |