Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > other security issues & news
Reload this Page New version of OpenSSL closes security holes in ASN1 parser
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old April 20th, 2012, 01:56 PM
ronjor's Avatar
ronjor ronjor is offline
Global Moderator
  
Join Date: Jul 2003
Location: Texas
Posts: 46,216
Default New version of OpenSSL closes security holes in ASN1 parser
Quote:
Tavis Ormandy from the Google Security Team has notified the OpenSSL developers of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to the official OpenSSL advisory and Ormandy's message, the issue affects applications that process external X.509 certificates or public RSA keys. However, the remaining information about the applications that are affected, and the potential consequences, is rather cryptic.
http://www.h-online.com/security/new...r-1543932.html
 

Wilders Security Forums > Other Security Topics > other security issues & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 08:08 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums