Date: Fri, 11 May 2012 07:15:15 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: OpenSSL invalid TLS/DTLS record attack (CVE-2012-2333) I think these should be in here given the importance of OpenSSL, as well as to encourage relevant follow-ups. ----- Forwarded message ----- Subject: OpenSSL Security Advisory Date: Thu, 10 May 2012 23:47:57 +0200 (CEST) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL Security Advisory [10 May 2012] ======================================= Invalid TLS/DTLS record attack (CVE-2012-2333) =============================================== A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers. DTLS applications are affected in all versions of OpenSSL. TLS is only affected in OpenSSL 1.0.1 and later. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. The fix was developed by Stephen Henson of the OpenSSL core team. Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120510.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBT6w226LSm3vylcdZAQKTzgf/cksRhBmKkc5BWGXHxRuNEpr7SplMvM1k 5HcyLrlUKE4E2tredaylgYhbpy9+50e8euv8cWdD5ErBklJ9SGso2YKl/FVOSO0e T5MyGgOeQ4jAeyLlBahw6O74bUYrO3WntVyLJDrH6gRGN1dDjenMPErPUKUQGUMw 8Yy0JXbxIVhw731ymL6Iv2DuleFZvGCdSgPXbX39qXrAe5mD5wd5jGP50f7S0mEO mj6/3zPxAHLrn5H9XXwqgebEylQkCHWdMIxSqYihea865/BShT5lXJdLief7YDlh YEJVquVjGlRgTJZeq6YZab5c1Lg+Jlc9cxtniQv1QaAgfryEJ5biPQ== =/mgW -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Announcement Mailing List openssl-announce@...nssl.org Automated List Manager majordomo@...nssl.org ----- End forwarded message -----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.