Versions 0.9.8s and 1.0.0f of OpenSSL were recently released to address six security flaws.
“The most problematic of the vulnerabilities fixed in the new version … enables [a] plaintext recovery attack, which was discovered by a pair of security researchers who found a way to extend the CBC padding oracle attack,” writes Threatpost’s Dennis Fisher. “The attack enables someone to exploit the problem with OpenSSL’s DTLS implementation to recover the plaintext version of an encrypted message.”
“Users of previous versions should upgrade to OpenSSL 1.0.0f or 0.9.8s,” Fisher writes.
Go to “New Version of OpenSSL Fixes Six Flaws” to read the details.