OpenSSL Security Advisory

An update for OpenSSL was just released to address various security vulnerabilities (low to moderate risk) and it is recommended that you update as soon as possible.

WHMCS Complete Billing and Support

Based on your operating system distro / control panel, the update should be available in the repository in the near future.

OpenSSL

The following issues were addressed in this update:

[1] DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
[2] DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
[3] no-ssl3 configuration sets method to NULL (CVE-2014-3569)
[4] ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
[5] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
[6] DH client certificates accepted without verification [Server] (CVE-2015-0205)
[7] Certificate fingerprints can be modified (CVE-2014-8275)
[8] Bignum squaring may produce incorrect results (CVE-2014-3570)

Following are the version update detail:

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

For detailed information about this update, please refer their official release note from the following URL:

https://www.openssl.org/news/secadv_20150108.txt

Posted in Security.

One Comment

  1. Pingback: OpenSSL Security Updates - March 19, 2015 - Web Hosting News

Leave a Reply

Your email address will not be published. Required fields are marked *