OpenSSL Security Advisory

An update for OpenSSL was just released to address various security vulnerabilities (low to moderate risk) and it is recommended that you update as soon as possible.

Depending on your operating system distribution or control panel, the update should be available in its repository in the near future.

The following issues were addressed in this update:

[1] DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
[2] DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
[3] no-ssl3 configuration sets method to NULL (CVE-2014-3569)
[4] ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
[5] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
[6] DH client certificates accepted without verification [Server] (CVE-2015-0205)
[7] Certificate fingerprints can be modified (CVE-2014-8275)
[8] Bignum squaring may produce incorrect results (CVE-2014-3570)

The version update details are as follows:

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

For detailed information about this update, please refer to the official release notes at the following URL:

https://www.openssl.org/news/secadv_20150108.txt
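
To check collected `openssl version` output against the fixed releases listed above, the following added example (not part of the original post or of OpenSSL) compares the patch letter per branch, including the two-letter 0.9.8 suffixes such as `zd`. The function names and sample lines are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {"1.0.1": "k", "1.0.0": "p", "0.9.8": "zd"}

# Matches e.g. "1.0.1e" in "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)\b")


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < a < ... < z < za < zb < ..."""
    return (len(suffix), suffix)


def check_version(text):
    """Classify one `openssl version` line against the advisory.

    Returns (version, status); status is 'fixed', 'needs-upgrade',
    'not-listed' (branch not named in the advisory) or 'unparsed'.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return (None, "unparsed")
    branch, letters = m.groups()
    version = branch + letters
    if branch not in FIXED:
        return (version, "not-listed")
    if letter_rank(letters) >= letter_rank(FIXED[branch]):
        return (version, "fixed")
    return (version, "needs-upgrade")


if __name__ == "__main__":
    # Constructed sample lines, as might be gathered from several hosts.
    samples = [
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 0.9.8zc 15 Oct 2014",
        "OpenSSL 1.0.0p 8 Jan 2015",
    ]
    for line in samples:
        version, status = check_version(line)
        print(f"{version}: {status}")
```

Distribution packages often backport fixes without changing the upstream version letter, so a `needs-upgrade` result on a packaged build should be confirmed against the vendor's package changelog.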
