New versions of the OpenSSL library were recently released to patch a denial of service vulnerability that was introduced by a January 6 update.
"'A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack,' the OpenSSL developers warned in a newly published advisory," writes PCWorld's Lucian Constantin. "The issue has been addressed in the new OpenSSL 1.0.0g and 0.9.8t versions released on Wednesday."
"CVE-2011-4108 refers to a serious vulnerability in OpenSSL's implementation of the DTLS (Datagram Transport Layer Security) protocol, which allows attackers to decrypt secured communications without knowing the encryption key," Constantin writes.
Go to "OpenSSL Fixes DoS Flaw Introduced by Critical DTLS Patch" to read the details.