The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.
Blog
Google has released more pertinent information regarding the SSL v3 vulnerability as a pdf document linked to below: https://www.openssl.org/~bodo/ssl-poodle.pdf Please pay close attention to the recommendations and implement as necessary.
According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. We will update our blog once the vulnerability is released tomorrow. We urge everyone to stay alert and be…
For those of you using OpenSSL 1.0.1 (most recent Unix systems), it is critical that you patch the openssl library, as well as binaries compiled statically with openssl, as soon as possible.
Urgent Action Required There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker. A public proof of concept has already been released and in our testing we were able to see credentials, session and…