OpenSSL (RHEL) Security Update Issued

An update for OpenSSL on RHEL was just released to help address the POODLE OpenSSL security vulnerability, and it is recommended that you update as soon as possible.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications that reconnect using a lower SSL/TLS protocol version when the initial connection, which indicates the highest supported protocol version, fails.

SSL v3 Rumoured Vulnerability

According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow, on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. We will update our blog once the vulnerability is released tomorrow. We urge everyone to stay alert and be ready to patch whatever is necessary.

Security Update Issued for Xen Hypervisor

An update for Xen was just released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself.


source: hostingseclist

Bash Latest Patch / Status Update

A Google security researcher who was able to defeat all of the current patches and make the vulnerability easier to exploit is now recommending the following unofficial patch until it is pushed upstream:

Further Information:


source: hostingseclist
