SWITCH Security-Blog

SWITCH-CERT IT-Security Blog

Breaking News: New OpenSSL Vulnerabilities


Today the OpenSSL team announced new versions of the popular OpenSSL libraries, which fix several critical vulnerabilities. At the time of writing, no exploits have been seen in the wild. Nevertheless, we suggest patching in a timely manner.

The following versions are affected:

  • OpenSSL 0.9.8
  • OpenSSL 1.0.0
  • OpenSSL 1.0.1

Most of the popular OS vendors should have patches out by now, or will in a short while.

4 thoughts on “Breaking News: New OpenSSL Vulnerabilities”

  1. Link is broken.

  2. Here’s a 10 minute podcast with an interview with Mark Cox about the latest OpenSSL vulnerabilities http://bit.ly/Th64oP

  3. How was CVE-2014-0224 found:
    http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html

    Much more interesting than the technical details is the question why it took 16 years to discover this issue. Personally I feel one aspect is that we all like to use free software for free as in free beer. But there is no such thing as a free lunch (or beer). Someone has to pay for quality software, or rather for software engineers that produce quality, free software. So this is good to see:

    https://www.openssl.org/support/acknowledgments.html