Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL Patches Eight New Vulnerabilities

Posted by Soulskill on Friday January 9, 2015 @05:16PM from the getting-ahead-in-the-game dept.

itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, "system administrators should plan to upgrade their running OpenSSL server instances in the coming days," said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.

2 of 79 comments (clear)

Min score:

Reason:

Sort:

Re:Time to switch to LibreSSL by Anonymous Coward · 2015-01-09 18:28 · Score: 5, Informative

If you had been paying attention you'd know that OpenSSL gets bugs reported, LibreSSL fixes them while OpenSSL stands around with their collective dick in their hands.
Re:Sick of this by Anonymous Coward · 2015-01-09 19:37 · Score: 5, Informative

Of course it did, it is a fork (copy) of OpenSSL.
However, one or two of the issues were fixed in LibreSSL back in May, before being discovered in OpenSSL.
They were fixed as part of the general code quality improvement, and cleaning up the error handling and memory management.
https://twitter.com/bob_beck/status/553233391164743682