ÃÛÌÒTV

Announcements 06-11-2015

OpenSSL Patches Six Security Vulnerabilities

Jason Sabin

This morning, OpenSSL released sixÌýsecurity patches—versions 1.0.2b, 1.0.1n, 1.0.0s, and 0.9.8zg—for new security vulnerabilities discovered in OpenSSL. These patches fix six vulnerabilities: five are rated moderate riskÌýand one is classifiedÌýas low risk.

For a full list, see the .

None of these bugs affects SSL Certificates; no action related to certificate management is required.

Administrators should update their instances of OpenSSL:

  • OpenSSL 1.0.2 users should upgrade to 1.0.2b
  • OpenSSL 1.0.1 users should upgrade to 1.0.1n
  • OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s
  • OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

Source code is available for the OpenSSL patches .

Keeping OpenSSL Secure

As part of the industry's refocus on strengthening the security in the cores services that multitude organizations rely on, OpenSSL continues to discover and then patch vulnerabilities in the OpenSSL framework. This process of finding and fixing is needed for long-term security and to keep the projects strong and hopefully, to patch these vulnerabilities before attackers can deduce ways to take advantage of them. Although the time and energy required to apply the patches can frustrate even the most dedicated system admin, these steps are needed to keep the OpenSSL code secure now and for years to come.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205