Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: OpenSSL reissues fix for ASN1 BIO vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenSSL reissues fix for ASN1 BIO vulnerability

OpenSSL has posted an updated advisory today indicating the fix for CVE-2012-2110 released on 19APR2012 was not sufficient to correct the ASN1 BIO vulnerability issue for OpenSSL version 0.9.8.

Please note that this latest issue only affects OpenSSL 0.9.8v.  OpenSSL 1.0.1a and 1.0.0i already contain a patch as released on the 19th sufficient to correct CVE-2012-2110.

Please upgrade to 0.9.8w.



Russ McRee

204 Posts
ISC Handler
Apr 24th 2012

Sign Up for Free or Log In to start participating in the conversation!