View Single Post
  #1   (View Single Post)  
Old 20th April 2012
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default New version of OpenSSL closes security holes in ASN1 parser


Tavis Ormandy from the Google Security Team has notified the OpenSSL developers of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to the official OpenSSL advisory and Ormandy's message, the issue affects applications that process external X.509 certificates or public RSA keys.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote