OpenSSL Released a fix to four vulnerabilities

0
0

OpenSSL have an update for the encryption package, the new version comes to fix four security vulnerabilities including a high severity vulnerability that allows attacker to perform a denial of service attack on vulnerable servers.this bug can be exploited by parsing code extension DTLS SRTP that will  cause OpenSSL to release up to 64 kilobytes of memory.

This will lead to memory leaks and makes server not properly performing till a DoS condition with a system not available. The bug affects versions of OpenSSL 1.0.1 server configurations as SSL / TLS, and DTLS.  Moreover, regardless of whether the extension SRTP and how it is configured. The only exception – the implementation of OpenSSL, compiled with the OPENSSL_NO_SRTP settings.

OpenSSL 1.0.1 users should upgrade to version 1.0.1j where they will also have a low severity fix to memory leak session and POODLE vulnerability in SSL 3.0.

you can read the release notes over this link: https://www.openssl.org/news/secadv_20141015.txt

Share