Date: Fri, 4 Apr 2014 10:07:58 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Lots of CVEs ahead in TLS implementations

Hi,

There is a pretty interesting new research paper that tries to find all
kinds of vulnerabilities in TLS implementations regarding certificate
validation:
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf

They found a whole bunch of issues in various open source SSL
implementations.

Maybe we can start some collaborative effort to dig through them and
assign CVEs. Some seem to have already been handled, e.g. one of the
most severe issues found is CVE-2014-1959 in gnutls (already fixed
upstream). However, others seem unhandled.

Besides: It's well worth reading the paper if you're into that stuff.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
