OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.
Updates available include:
- OpenSSL 1.0.2b for 1.0.2 users
- OpenSSL 1.0.1n for 1.0.1 users
- OpenSSL 1.0.0s for 1.0.0d (and below) users
- OpenSSL 0.9.8zg for 0.9.8r (and below) users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
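As an added example (not part of the advisory or of OpenSSL), the following Python sketch compares a reported version string against the updates listed above. The function names and the sample strings are constructed for illustration, and the check assumes OpenSSL's letter-suffix release naming.

```python
import re

# Updated release per branch, taken from the list above.
FIXED = {"1.0.2": "b", "1.0.1": "n", "1.0.0": "s", "0.9.8": "zg"}

_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Return (branch, letter_suffix) from '1.0.1k' or 'OpenSSL 1.0.1k 8 Jan 2015'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no OpenSSL version found in %r" % text)
    return match.group(1), match.group(2)


def _suffix_key(suffix):
    # Patch letters run '', a..z, then za, zb, ...; comparing length first
    # keeps 'z' below 'za' and the bare release below 'a'.
    return (len(suffix), suffix)


def needs_update(text):
    """True if older than the listed update for its branch, False if at or
    past it, None if the branch is not in the list above."""
    branch, suffix = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    return _suffix_key(suffix) < _suffix_key(fixed)


if __name__ == "__main__":
    # Constructed sample inputs in the style of `openssl version` output.
    samples = [
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.2b 11 Jun 2015",
        "OpenSSL 0.9.8zf 19 Mar 2015",
        "OpenSSL 1.0.0s 11 Jun 2015",
    ]
    for line in samples:
        print(line, "->", "update" if needs_update(line) else "ok")
```

Distribution packages often backport fixes without changing the upstream version letter, so a flagged version is a prompt to check the vendor's own advisory rather than proof of exposure.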