Security update for OpenSSL
The OpenSSL developers have released version 0.9.8k, which eliminates three vulnerabilities in the processing of certificates. One of the fixed errors could cause any OpenSSL-based application, such as SSL servers, clients or S/MIME software, to crash when printing or displaying a manipulated certificate. Another error, in the verification of CMS (Cryptographic Message Syntax) secured communications, allowed malformed attributes in a certificate and could make a certificate appear valid, even though it was not.
On some operating systems, a malformed ASN1 structure could, when freed, cause an invalid memory access. The problem only occurs on systems where sizeof(long) < sizeof(void *), such as 64-bit Windows.
See also:
- OpenSSL Security Advisory (25-Mar-2009), OpenSSL advisory.
(djwm)