Threat Level: yellow Handler on Duty: Russ McRee

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OpenSSL Security Update

Published: 2012-03-12
Last Updated: 2012-03-12 20:52:58 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884). "SSL/TLS applications are *NOT* affected by this problem since the SSL/TLS code does not use the PKCS#7 or CMS decryption code." [1]

OpenSSL 0.9.8u and OpenSSL 1.0.0h are available for download here.

[1] http://www.openssl.org/news/secadv_20120312.txt
[2] http://www.openssl.org/source/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Advisory OpenSSL
0 comment(s)
Diary Archives