New version of OpenSSL closes security holes in ASN1 parser
From http://h-online.com/-1543932
Quote:
Tavis Ormandy from the Google Security Team has notified the OpenSSL developers of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to the official OpenSSL advisory and Ormandy's message, the issue affects applications that process external X.509 certificates or public RSA keys.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|