
SANS ISC InfoSec Handlers Diary Blog



OpenSSL vulnerability fixes

Published: 2012-01-05
Last Updated: 2012-01-05 00:46:00 UTC
by Russ McRee (Version: 1)
2 comment(s)

OpenSSL has addressed six vulnerabilities in OpenSSL 1.0.0f and 0.9.8s.

 
CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
 
Details here: http://openssl.org/news/secadv_20120104.txt
Downloads here: http://openssl.org/source/
 
Note that the hyperlink for the Nadhem Alfardan and Kenny Paterson paper specific to the DTLS Plaintext Recovery Attack results in a 404 error.
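A version check against the two fixed releases named above, as an added example that is not part of the original diary or of the OpenSSL project's code. The function names, status strings, hostnames and sample banners are assumptions constructed for illustration; branches the diary does not mention are reported as not covered.

```python
import re

# Fixed releases named in the diary, keyed by release branch.
FIXED = {"1.0.0": "f", "0.9.8": "s"}
# Matches the version in e.g. "OpenSSL 0.9.8r 8 Feb 2011": branch + patch letters.
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")

def parse_version(banner):
    """Split an `openssl version` banner into (branch, patch_letters)."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return match.group(1), match.group(2)

def _rank(letters):
    # Patch letters sort '' < 'a' < ... < 'z' < 'za' < 'zb', so compare by
    # length first and alphabetically second.
    return (len(letters), letters)

def patch_status(banner):
    """Classify a banner against the fixed releases listed in the diary."""
    branch, letters = parse_version(banner)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-covered"  # branch not mentioned in the diary
    if _rank(letters) >= _rank(fixed):
        return "patched"
    return "needs-update"

def audit(inventory):
    """Map each host to its status; unparseable banners are flagged."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = patch_status(banner)
        except ValueError:
            report[host] = "unparseable"
    return report

if __name__ == "__main__":
    # Constructed inventory: hostnames and banners are illustrative only.
    sample = {
        "web01": "OpenSSL 1.0.0e 6 Sep 2011",
        "web02": "OpenSSL 1.0.0f 4 Jan 2012",
        "vpn01": "OpenSSL 0.9.8r 8 Feb 2011",
        "old01": "OpenSSL 0.9.7m 23 Feb 2007",
    }
    for host, status in sorted(audit(sample).items()):
        print(host, status)
```

Distribution packages often backport fixes without changing the upstream version letter, so confirm a "needs-update" result against the vendor's package changelog before acting on it.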
 

 

Keywords: SSL vulnerabilities