In association with heise online

27 March 2009, 09:19

Security update for OpenSSL

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The OpenSSL developers have released version 0.9.8k which eliminates three vulnerabilities in the processing of certificates. One eliminated error could cause any OpenSSL-based application, such as SSL servers, clients or S/MIME software, to crash when printing or displaying a manipulated certificate. Another error, in the verification of CMS (Cryptographic Message Syntax) secured communications that allowed malformed attributes in a certificate, could make a certificate appear valid, even though it was not.

On some operating systems, a malformed ASN1 structure could, when freed, cause an invalid memory access. The problem only occurs on systems where sizeof(long) < sizeof(void *) such as 64 bit windows.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit