UPGRADE TIME!!

http://www.openssl.org/news/secadv_20020730.txt

Vuln1 affecting:

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
current development snapshots of 0.9.7 to provide SSL or TLS is
vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Vuln2 affecting:

Any OpenSSL program which uses the ASN1 library to parse untrusted
data. This includes all SSL or TLS applications, those using S/MIME
(PKCS#7) or certificate generation routines.


Sincerely,
Pascal

----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/

Reply via email to