In association with heise online

27 March 2009, 10:19

Security update for OpenSSL

The OpenSSL developers have released version 0.9.8k, which eliminates three vulnerabilities in the processing of certificates. One of the fixed errors could cause any OpenSSL-based application, such as SSL servers, clients or S/MIME software, to crash when printing or displaying a manipulated certificate. Another error, in the verification of CMS (Cryptographic Message Syntax) secured communications, allowed malformed attributes in a certificate to make the certificate appear valid even though it was not.

On some operating systems, a malformed ASN.1 structure could, when freed, cause an invalid memory access. The problem only occurs on systems where sizeof(long) < sizeof(void *), such as 64-bit Windows.

(djwm)
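
An added example, not part of the original article and not OpenSSL's own code: a check for the two conditions the article names, a release older than 0.9.8k and a platform where sizeof(long) < sizeof(void *). The function names and sample banners are constructed for illustration, and treating every release that sorts before 0.9.8k as lacking the fixes is an assumption; run as a script it inspects only the OpenSSL library linked into the Python interpreter.

```python
import ctypes
import re
import ssl

FIXED = (0, 9, 8, "k")  # the release the article names as containing the fixes
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Parse '0.9.8j' or a banner such as 'OpenSSL 0.9.8j' into a tuple."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version in %r" % (text,))
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def _sort_key(version):
    # Patch letters run '', 'a'..'z', then 'za', 'zb', ...: order by length
    # first, then alphabetically, so 'za' sorts after 'k' and '' before 'a'.
    major, minor, fix, letter = version
    return (major, minor, fix, len(letter), letter)


def older_than_fixed(text, fixed=FIXED):
    """True if the version in `text` sorts before the fixed release."""
    return _sort_key(parse_openssl_version(text)) < _sort_key(fixed)


def data_model_matches(long_size=None, pointer_size=None):
    """True where sizeof(long) < sizeof(void *), the article's condition."""
    if long_size is None:
        long_size = ctypes.sizeof(ctypes.c_long)
    if pointer_size is None:
        pointer_size = ctypes.sizeof(ctypes.c_void_p)
    return long_size < pointer_size


def assess(banner, long_size=None, pointer_size=None):
    """Report both conditions for one OpenSSL banner string."""
    old = older_than_fixed(banner)  # assumption: older means unfixed
    # The ASN.1 free issue additionally requires the data-model condition.
    applies = old and data_model_matches(long_size, pointer_size)
    return {"older_than_0_9_8k": old, "asn1_free_issue_applies": applies}


if __name__ == "__main__":
    for sample in ("OpenSSL 0.9.8j", "OpenSSL 0.9.8k"):  # constructed samples
        print(sample, assess(sample, long_size=4, pointer_size=8))
    print(ssl.OPENSSL_VERSION, assess(ssl.OPENSSL_VERSION))
```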
