OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography, an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow an attacker to read and modify data passed over the connection.
Updates available include:
- OpenSSL 1.0.2b for 1.0.2 users
- OpenSSL 1.0.1n for 1.0.1 users
- OpenSSL 1.0.0s for 1.0.0d (and below) users
- OpenSSL 0.9.8zg for 0.9.8r (and below) users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.