Slashdot Mirror


OpenSSL Patches Eight New Vulnerabilities

itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, "system administrators should plan to upgrade their running OpenSSL server instances in the coming days," said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.

4 of 79 comments

  1. Re:Time to switch to LibreSSL by Anonymous Coward · Score: 5, Informative

    If you had been paying attention you'd know that OpenSSL gets bugs reported, LibreSSL fixes them while OpenSSL stands around with their collective dick in their hands.

  2. Go easy on the OpenSSL guys ! by slincolne · Score: 4, Interesting

    The beauty of Open Source is that when issues like this are discovered, they are dealt with.

    With a closed source product you basically have to trust the vendor to get it right, and to patch defects in a timely manner.

    OpenSSL is a classic demonstration of one of the truths of computer programming - namely that good cryptography is HARD.

    I just wish that the big players who use this in their products would support the developers - and make it a better outcome for all of us who rely on this product.

  3. Re:Sick of this by Anonymous Coward · Score: 5, Informative

    Of course it did, it is a fork (copy) of OpenSSL.

    However, one or two of the issues were fixed in LibreSSL back in May, before being discovered in OpenSSL.
    They were fixed as part of the general code quality improvement, and cleaning up the error handling and memory management.

    https://twitter.com/bob_beck/status/553233391164743682

  4. Re:OpenSSL must fucking die by ruir · Score: 4, Insightful

    That bunch of monkeys have done something better than most, they have given their free time for the project, they have advanced our knowledge of security, they have built a product used by a myriad of OS and vendors for almost 2 decades FOR FREE. Much more than some schmuck that comes here ranting, and the idiots that mod him informative.