Read more of this story at Slashdot.
Yesterday, a number of news sites published speculative reports about a possible OpenSSLbug to be fixed today. According to these reports, the bug affects SSL 3, and is critical. We did receive a lot of inquiries around these news reports, but so far, we got only one little announcement from the OpenBSD camp to go by:
So far, there hasnt been any official release from OpenSSL.org, but OpenBSD"> /* if it went, fall through and send more stuff */+/* we may have released our buffer, so get it again */+if (wb-buf == NULL)+if (!ssl3_setup_write_buffer(s))+ }
This looks like a memory corruption / use after free vulnerability is being patched.
We will update this post as we learn more. At this point: Dont panic and wait for a patch from your respective Linux vendor. We are not aware of any active exploitation of this problem, but please let us know if you see any evidence of that happening.
[1]http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.Yesterday, a number of news sites published speculative reports about a possible OpenSSLbug to be fixed today. According to these reports, the bug affects SSL 3, and is critical. We did receive a lot of inquiries around these news reports, but so far, we got only one little announcement from the OpenBSD camp to go by:
So far, there hasnt been any official release from OpenSSL.org, but OpenBSD"> /* if it went, fall through and send more stuff */+/* we may have released our buffer, so get it again */+if (wb-buf == NULL)+if (!ssl3_setup_write_buffer(s))+ }
This looks like a memory corruption / use after free vulnerability is being patched.
We will update this post as we learn more. At this point: Dont panic and wait for a patch from your respective Linux vendor. We are not aware of any active exploitation of this problem, but please let us know if you see any evidence of that happening.
[1]http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.
Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.
Read more of this story at Slashdot.