Yet Another OpenSSL Vulnerability

A new crypto bypass vulnerability in OpenSSL was announced in an advisory published 05 June 2014. The vulnerability allows for decryption and modification of web, VPN, and email traffic secured using Transport Layer Security (TLS).

Administrators of devices using TLS are urged to update their systems as soon as possible. There is an update available on the OpenSSL web site.

CVE for this vulnerability: CVE-2014-0224

Link to CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

OpenSSL Advisory: https://www.openssl.org/news/secadv_20140605.txt

OpenSSL Patching: https://www.openssl.org/

Post by Protocol 46