OpenSSL updates nine Security Questions

OpenSSL updates nine Security Questions

06-Aug-2014: Security Advisory: nine security fixes

Https://www.openssl.org/news/secadv_20140806.txt

 

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zbOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)
========================================================== ==================


Defects in OpenSSL SSL/TLS server code may cause server negotiation.
The ClientHello message is
Severe fragmentation. This makes it impossible for man-in-the-middle attackers to force
Downgrade to TLS1.0, even if both the server and client support higher
Protocol version. Modify the TLS record of the client.


OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

SRP Buffer Overflow (CVE-2014-3512)
========================================


A malicious client or server can send invalid SRP parameters and Overflow
Internal buffer. Only applications with specific SRP settings
Use is affected.


OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.

OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)

Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian

OpenSSL "heartbleed" Security Vulnerability

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

OpenSSL details: click here
OpenSSL: click here

This article permanently updates the link address: