OpenSSL just released a new version of the popular SSL/TLS toolkit.
This release fixes 2 moderate and 6 low vulnerabilities. “Luckily”, both moderate vulnerabilities can only lead to Denial of Service. The other 6 low vulnerabilities are either difficult to exploit or of unknown impact so while you should update (as always) it appears for now that there is no need to rush with this upgrade.
More information is available at http://openssl.org/news/secadv_20150108.txt.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Munich July 2019
Jan 8th 2015
4 years ago