New Version of OpenSSL Fixes Six Flaws
Posted on: 01/05/2012 11:20 PM

A new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation.

New Version of OpenSSL Fixes Six Flaws


From threatpost:
The most problematic of the vulnerabilities fixed in the new version is the one that enables the plaintext recovery attack, which was discovered by a pair of security researchers who found a way to extend the CBC padding oracle attack. The attack enables someone to exploit the problem with OpenSSL's DTLS implementation to recover the plaintext version of an encrypted message.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/new_version_of_openssl_fixes_six_flaws.html)