On 09/07/15 22:57, Andrew Pam wrote:
> On 09/07/15 22:20, Scott Junner wrote:
>> Undisclosed important OpenSSL updates expected today. Anything to do
>> with that?
> Not undisclosed: https://thejh.net/written-stuff/openssh-6.8-xsecurity

I believe Scott's joke was referring to CVE-2015-1793 reported two weeks
ago, and just announced and patched today. This SSL issue allows an
attacker (or a site) to "cause certain checks on untrusted certificates
to be bypassed, such as the CA flag, enabling them to use a valid leaf
certificate to act as a CA and "issue" an invalid certificate."
https://www.openssl.org/news/secadv_20150709.txt

It only affects the most recent OpenSSL versions (1.0.2c, 1.0.2b, 1.0.1n
and 1.0.1o).

Glenn
-- 
sks-keyservers.net 0x6d656d65



_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
