
The OpenSSL core team has announced a new vulnerability in OpenSSL-based TLS servers. Users of all OpenSSL 0.9.8 releases are advised to upgrade immediately to OpenSSL 0.9.8p, in which the bug has been fixed, and users of OpenSSL 1.0.0 and 1.0.0a are advised to upgrade to 1.0.0b.
If upgrading is not immediately possible, you can apply the relevant source code patch provided in the advisory. As reported in the announcement, only multi-threaded programs that use the caching mechanism built into OpenSSL are vulnerable. In particular, the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.
For more information you can read the Security Advisory:
http://www.openssl.org/news/secadv_20101116.txt
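To find which hosts need the upgrade described above, the following added example (not code from the advisory or the OpenSSL project) classifies `openssl version` banners against the fixed releases named in this post. The status names, host names and sample banners are constructed for the illustration.

```python
import re

# Fixed patch letter per release branch, as named in the post.
FIXED = {"0.9.8": "p", "1.0.0": "b"}

# Banner printed by `openssl version`, e.g. "OpenSSL 0.9.8o 01 Jun 2010".
BANNER = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-\S+)?")


def _rank(letter):
    # "" (first release) < "a" < ... < "z" < "za": compare by length, then text.
    return (len(letter), letter)


def triage(banner):
    """Classify one `openssl version` banner against the post's fixed releases."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"
    branch, letter, vendor = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # branch the post says nothing about
    if _rank(letter) >= _rank(fixed):
        return "fixed"
    if vendor:
        # Assumption: a vendor suffix may mean backported fixes, so the
        # letter alone is not conclusive; check the vendor's own advisory.
        return "check-vendor"
    return "upgrade-to-" + branch + fixed


# Constructed sample inventory (host names and banners made up for the example).
INVENTORY = {
    "web01": "OpenSSL 0.9.8o 01 Jun 2010",
    "web02": "OpenSSL 0.9.8p 16 Nov 2010",
    "api01": "OpenSSL 1.0.0a 1 Jun 2010",
    "api02": "OpenSSL 1.0.0b 16 Nov 2010",
    "db01": "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
    "old01": "OpenSSL 0.9.7m 23 Feb 2007",
    "odd01": "openssl: command not found",
}


def report(inventory=INVENTORY):
    return {host: triage(b) for host, b in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:6} {status}")
```

A host flagged for upgrade is only a candidate: as the post notes, only multi-threaded programs that use OpenSSL's built-in caching are vulnerable.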




November 18th, 2010
Mourad Ben Lakhoua