OpenSSL Patches Multiple Vulnerabilities

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.

Updates available include:

  • OpenSSL 1.0.2b for 1.0.2 users
  • OpenSSL 1.0.1n for 1.0.1 users
  • OpenSSL 1.0.0s for 1.0.0d (and below) users
  • OpenSSL 0.9.8zg for 0.9.8r (and below) users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No