mythcat: News: OpenSSL Security Advisory [16 Feb 2017]


According to this website:  www.openssl.org/news

OpenSSL Security Advisory [16 Feb 2017]
========================================

Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
====================================================

Severity: High

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0e

This issue does not affect OpenSSL version 1.0.2.

This issue was reported to OpenSSL on 31st January 2017 by Joe Orton (Red Hat).
The fix was developed by Matt Caswell of the OpenSSL development team.

Note
====

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170216.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html


Source From: fedoraplanet.org.
Original article title: mythcat: News: OpenSSL Security Advisory [16 Feb 2017].
This full article can be read at: mythcat: News: OpenSSL Security Advisory [16 Feb 2017].

Advertisement
StudioPress Premium WordPress Themes: Foodie Pro Theme


Random Article You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*