OpenSSL fixes serious denial-of-service bug, 11 other flaws

Lucian Constantin | March 20, 2015
The mystery high-severity flaw that people expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.

The new OpenSSL patches also address eight moderate-severity flaws, some of which can also be used for denial-of-service attacks under certain conditions, as well as three low-severity issues.

Because its announcement of an upcoming high-severity vulnerability generated confusion, the project might change the way in which it classifies flaws.

"We need another security classification; HIGH scared everyone needlessly," said Rich Salz, an OpenSSL Project member, on Twitter. "We'll update the policy soon."

There have been previous instances of critical flaws in OpenSSL, so by now CISOs and IT security teams should have a refined process in place for dealing with them, said Cris Thomas, strategist at Tenable Network Security, via email. "It should be a simple matter of following the procedures you developed based on the previous instances."

 
