
SANS ISC InfoSec Handlers Diary Blog


OpenSSL vulnerability fixes

Published: 2012-01-05
Last Updated: 2012-01-05 00:46:00 UTC
by Russ McRee (Version: 1)

OpenSSL has addressed six vulnerabilities in OpenSSL 1.0.0f and 0.9.8s.

CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
Details here:
Downloads here:
Note that the hyperlink for the Nadhem Alfardan and Kenny Paterson paper specific to the DTLS Plaintext Recovery Attack results in a 404 error.
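
A quick way to triage hosts against the two fixed releases named above, as an added example that is not part of the original diary or of OpenSSL itself. The function name `classify`, the result labels and the sample banners are assumptions constructed for illustration; input is the text printed by `openssl version`.

```python
import re

# Fixed releases named in the diary entry, keyed by release branch.
FIXED = {"1.0.0": "f", "0.9.8": "s"}

# Matches e.g. "1.0.0e", "0.9.8za", "1.0.0" (optional patch letters).
_VERSION = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(letters):
    # OpenSSL patch letters order as "" < a < ... < z < za < zb ...,
    # so compare by length first, then alphabetically.
    return (len(letters), letters)


def classify(banner):
    """Return 'needs-update', 'fixed' or 'unknown' for a version banner."""
    m = _VERSION.search(banner)
    if not m:
        return "unknown"
    branch, letters = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        # The diary names fixed releases only for the 1.0.0 and 0.9.8 branches.
        return "unknown"
    if patch_rank(letters) >= patch_rank(fixed):
        return "fixed"
    return "needs-update"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "OpenSSL 1.0.0e",
        "OpenSSL 1.0.0f",
        "OpenSSL 0.9.8r",
        "OpenSSL 0.9.8za",
        "OpenSSL 1.0.0e-fips",
        "OpenSSL 0.9.7m",
    ]
    for banner in samples:
        print(f"{banner:22} {classify(banner)}")
```

Distribution packages often backport fixes without changing the upstream version string, so treat `needs-update` as a prompt to check the vendor advisory for that package rather than as proof of exposure.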


Keywords: SSL vulnerabilities