Language Selection

English French German Italian Portuguese Spanish

OpenSSL Issues Fix

Filed under
Software
Security

The OpenSSL server has been patched to repair a critical security glitch that could be exploited in remote code execution attacks.

OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength, general purpose cryptography library.

The race condition flaw was found in the OpenSSL TLS server extension parsing code, affecting some multithreaded OpenSSL applications. Researchers at Red Hat Security, which relies on OpenSSL for an array of Red Hat Enterprise Linux products, warned in an advisory that under certain conditions, attackers could exploit the vulnerability by triggering a race condition that could cause the OpenSSL application to crash, or enable them to launch of a malicious attack.

The vulnerability, which Red Hat Security researchers ranked as "important" on their Common Vulnerability Scoring System, affects all versions of the OpenSSL supporting TLS extensions, including OpenSSL 0.9.8f through 0.9.8o, 1.0.0 and 1.0.0a.

rest here




More in Tux Machines

Five Ways Open Source Databases Are Best for Business

Today 78% of organizations run part or all of their operations on open source software, a figure that has nearly doubled since 2010. And according to ranking site DB-Engines, six of the top 10 databases are open source, and the top eight non-relational technologies are all open source. So why do so many organizations standardize on open source? Why do 66% of organizations look to open source before considering proprietary software alternatives? When it comes to databases, it turns out that the most important criteria are likely to be better addressed by an open source product. Read more

Ubuntu Touch OTA-6 Received Well by Ubuntu Phone Users, Work on OTA-7 Starts

As Łukasz Zemczak is currently in a two-week holiday, Canonical's Timo Jyrinki sent the usual report to inform us all about the good and bad things that happened in the Ubuntu Touch world. Read more

Ubuntu 15.10 (Wily Werewolf) to Ship with OpenStack Liberty

Canonical's James Page posted an interesting message on the Ubuntu mailing list, informing all Ubuntu developers about the steps they need to take in order to update the OpenStack cloud software to version 2015.2.0 (Liberty) in Ubuntu 15.10. Read more

Mark Shuttleworth Details Ubuntu 15.10 Highlights [VIDEO]

Ubuntu developers are closing in on the next major release, with the Ubuntu 15.10 Wily Werewolf set to debut on October 22. Ubuntu 15.10 is in many respects an incremental release ahead of the 16.04 Long Term Support release in 2016. Among the key innovations in 15.10 is wider use of the Snappy technology for packaging, though it won't replace the core .deb packaging system anytime soon, if ever. Read more