We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

OpenSSL Update Patches DoS Security Flaw

Download our in-depth report: The Ultimate Guide to IT Security Vendors

New versions of the OpenSSL library were recently released to patch a denial of service vulnerability that was introduced by a January 6 update.

"'A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack,' the OpenSSL developers warned in a newly published advisory," writes PCWorld's Lucian Constantin. "The issue has been addressed in the new OpenSSL 1.0.0g and 0.9.8t versions released on Wednesday."

"CVE-2011-4108 refers to a serious vulnerability in OpenSSL's implementation of the DTLS (Datagram Transport Layer Security) protocol, which allows attackers to decrypt secured communications without knowing the encryption key," Constantin writes.

Go to "OpenSSL Fixes DoS Flaw Introduced by Critical DTLS Patch" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

Submit a Comment

Loading Comments...