See Also - OpenSSL to Patch High Severity Vulnerability
By Michael Mimoso September 26, 2016
OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library.
The new flaw affects only OpenSSL 1.1.0a, which was made available last Thursday; users are urged to update to 1.1.0b immediately.
The original patch addressed an issue, CVE-2016-6307, where there was excessive memory allocation in tls_get_message_header. OpenSSL rated that flaw a low-severity bug and said it could cause servers to crash.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.