OpenSSL fixes nine security issues
06-Aug-2014: Security Advisory: nine security fixes
https://www.openssl.org/news/secadv_20140806.txt
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)
=====================================================
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of a higher protocol version when the ClientHello message is
badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0, even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
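One way to spot the badly fragmented ClientHello described above in captured client-to-server bytes, as an added example that is not from the OpenSSL advisory or code base: it flags a first handshake record too short to hold the 4-byte handshake header plus the 2-byte client_version. The function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE = 22          # TLS record content type: handshake
CLIENT_HELLO = 1        # handshake message type
MIN_FIRST_FRAGMENT = 6  # 4-byte handshake header + 2-byte client_version


def parse_records(stream):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        payload = stream[off + 5: off + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop instead of guessing
        yield ctype, payload
        off += 5 + length


def check_client_hello(stream):
    """Report whether client_version is readable from the first record alone."""
    records = list(parse_records(stream))
    if not records or records[0][0] != HANDSHAKE:
        return {"status": "not-handshake"}
    first = records[0][1]
    if first and first[0] != CLIENT_HELLO:
        return {"status": "not-client-hello"}
    if len(first) < MIN_FIRST_FRAGMENT:
        # The offered version is split across records: the badly fragmented case.
        return {"status": "fragmented", "first_fragment_len": len(first)}
    return {"status": "ok", "client_version": (first[4], first[5])}


def record(payload):
    """Wrap payload in a handshake record header (constructed test helper)."""
    return struct.pack("!BBBH", HANDSHAKE, 3, 1, len(payload)) + payload


# Constructed sample: minimal ClientHello offering TLS 1.2 (version 3.3).
_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
HELLO = bytes([CLIENT_HELLO]) + len(_body).to_bytes(3, "big") + _body
WHOLE = record(HELLO)                          # the whole message in one record
SPLIT = record(HELLO[:5]) + record(HELLO[5:])  # version bytes pushed to record two

if __name__ == "__main__":
    print(check_client_hello(WHOLE))
    print(check_client_hello(SPLIT))
```

A "fragmented" result on traffic towards a server means the offered version cannot be read from the first record, which is the condition the advisory ties to the downgrade.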
SRP Buffer Overflow (CVE-2014-3512)
========================================
A malicious client or server can send invalid SRP parameters and overrun an
internal buffer. Only applications which are explicitly set up for SRP use
are affected.
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.