OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884). "SSL/TLS applications are *NOT* affected by this problem since the SSL/TLS code does not use the PKCS#7 or CMS decryption code." [1] OpenSSL 0.9.8u and OpenSSL 1.0.0h are available for download here. [1] http://www.openssl.org/news/secadv_20120312.txt ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 522 Posts ISC Handler Mar 12th 2012 |
Thread locked Subscribe |
Mar 12th 2012 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!