
OpenSSL closed four dangerous vulnerabilities

The OpenSSL Project has released a patch to its open-source encryption package to fix the recently discovered POODLE SSL and other vulnerabilities. Updates are available for OpenSSL 0.9.8zc, 1.0.0o and 1.0.1j.




In total, the OpenSSL developers fixed 4 vulnerabilities in the latest version of the popular cryptographic library, one of which was rated high-risk.

Two were associated with POODLE (Padding Oracle On Downgraded Legacy Encryption), which makes it possible to obtain data, such as cookies, sent over a secure connection. Two more caused memory leaks and opened the door to DoS attacks.

According to a research paper published Tuesday by Google security experts Bodo Möller, Thai Duong and Krzysztof Kotowicz, POODLE was the result of a problem in the 15-year-old version 3.0 of the SSL protocol. Although many sites have switched to using the Transport Layer Security (TLS) protocol, the main web browsers, in addition to Chrome and Firefox, still provide support for SSL 3.0 in cases where they cannot connect to the server using a more modern protocol.

Source: https://habr.com/ru/post/240765/

