Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Security Vulnerability

Posted by michael on from the what-me-worry dept.

SiliconEntity writes "On the heels of multiple OpenSSH vulnerabilities, the OpenSSL project is now reporting a number of security vulnerabilities of its own. OpenSSL is a standard cryptographic library used in a wide variety of security applications. The new vulnerabilities range from denial-of-service attacks to stack corruption, which imply the possibility of running malicious code. New versions of the software are released today which address the vulnerabilities."

2 of 245 comments (clear)

  1. Re:the truth by codemachine · · Score: 0, Flamebait

    Either that or they're doing a heck of a lot of auditing lately. Hopefully they'll find a bunch at once, and be done with it for a while.

    But unfortunately from what I've seen from OpenSSH, it appears that we may have another sendmail/wu-ftp/bind type program in terms of security. That is not a good thing, since many services are being changed to use ssh/ssl for transport, leaving us with a single point of (in)security.

    This is sure embarassing for the OpenBSD team though. Their code is right now some of the worst in BSD land for security (although in fairness, it is mostly portable ssh that has problems. On OpenBSD, OpenSSH has much cleaner code and is much more secure).

  2. Re:Feeling kinda good about it by Overly+Critical+Guy · · Score: 0, Flamebait

    Name a single example.

    Microsoft puts out patches immediately once a vulnerability is announced.

    --
    "Sufferin' succotash."