Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Patches Eight New Vulnerabilities

Posted by Soulskill on from the getting-ahead-in-the-game dept.

itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, "system administrators should plan to upgrade their running OpenSSL server instances in the coming days," said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.

1 of 79 comments (clear)

  1. Go easy on the OpenSSL guys ! by slincolne · · Score: 4, Interesting
    The beauty of Open Source is that when issues like this are discovered, they are dealt with.

    With a closed source product you basically have to trust the vendor to get it right, and to patch defects in a timely manner.

    OpenSSL is a classic demonstration of one of the truths of computer programming - namely that good cryptography is HARD.

    I just wish that the big players who use this in their products would support the developers - and make it a better outcome for all of us who rely on this product.