|
News News regarding BSD and related. |
|
Thread Tools | Display Modes |
|
|||
OpenSSL 1.0.1k released with 8 security fixes
http://www.openssl.org/news/secadv_20150108.txt
Of interest, none of the reports reference the Libressl project. |
|
||||
Per Bob Beck, these CVEs were addressed by LibreSSL in May.
https://twitter.com/bob_beck/status/553233391164743682 |
|
|||
Thx for posting Beck's tweet Jiggimi, I had been wondering if any of the recent OpenSSL vulns were present in LibreSSL.
|
|
||||
Further review found some minor applicable components. Ted Unangst posted this on the OpenBSD tech@ mailing list:
Code:
After some review of the issues fixed in the latest OpenSSL release, we will not be publishing errata for them. Referring to: https://www.openssl.org/news/secadv_20150108.txt Several of the reported issues are in code removed from 5.6, and the remainder appear to be low impact. They will of course be fixed in cvs going forward, but at this time, the impact is low enough that it doesn't outweight the stress of patching. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Security More 'Ruby on Rails' security fixes released | J65nko | News | 0 | 12th February 2013 11:01 PM |
OpenSSL fixes DoS bug in recent bug fix | J65nko | News | 0 | 20th January 2012 12:02 AM |
Security Six security flaws fixed in OpenSSL | J65nko | News | 0 | 6th January 2012 06:17 PM |
New version of OpenSSL fixes two vulnerabilities | J65nko | News | 0 | 9th December 2010 02:56 AM |
OpenSSL Security Advisory [24 March 2010] | J65nko | News | 0 | 29th March 2010 11:12 PM |