Another Critical Flaw in OpenSSL

Another Critical Flaw in OpenSSL

(June 5, 2014)

The OpenSSL Project has released an update to address six new vulnerabilities. The most serious of the bunch could be exploited in a man-in-the-middle attack or to run arbitrary code. News of this flaw comes just weeks after the disclosure of the Heartbleed vulnerability in the OpenSSL cryptographic library drew attention to the lack of support for the widely used open source software.

Reference URLs:

https://isc.sans.edu/forums/diary/Critical+OpenSSL+Patch+Available+Patch+Now+/18211

https://isc.sans.edu/forums/diary/Updated+OpenSSL+Patch+Presentation/18219

https://isc.sans.edu/forums/diary/More+Details+Regarding+CVE-2014-0195+DTLS+arbitrary+code+execution+/18217

http://www.theregister.co.uk/2014/06/05/openssl_bug_batch/

http://www.scmagazine.com/seven-vulnerabilities-addressed-in-openssl-update-one-enables-mitm-attack/article/351323/

http://www.darkreading.com/vulnerabilities---threats/new-openssl-flaw-exposes-ssl-to-man-in-the-middle-attack/d/d-id/1269452?

http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/

http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/

http://www.wired.com/2014/06/heartbleed-redux-another-gaping-wound-in-ssl-uncovered/