Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Patches Eight New Vulnerabilities

Posted by Soulskill on from the getting-ahead-in-the-game dept.

itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, "system administrators should plan to upgrade their running OpenSSL server instances in the coming days," said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.

3 of 79 comments (clear)

  1. Sick of this by Anonymous Coward · · Score: 3, Insightful

    LibreSSL can't come soon enough.

  2. Re:OpenSSL must fucking die by ruir · · Score: 4, Insightful

    That bunch of monkeys have do something better than most, they have given their free time for the project, they have advanced our knowledge of security, they have built a product use by a myriad of OS and vendors for almost 2 decades FOR FREE. Much more than some smuck than comes here ranting, and the idiots that mod him informative.

  3. Re:Fork OpenSSL to OpenTLS by phantomfive · · Score: 3, Insightful

    Fork OpenSSL to OpenTLS but only take those technologies that are currently known to be good/safe and still have some future.

    It's a fine idea but it wouldn't help you because the problem isn't the algorithm, the problem is the code. OpenSSL is known to have bugs in its TLS code, too. The problems here start even before getting to the algorithm.

    --
    "First they came for the slanderers and i said nothing."