More OpenSSL security fixes

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Aug 7, 2014.

  1. haakon

    haakon Guest

    I have a fair understanding of OpenSSL's method, but not so much with its actual gears and pulleys.

    I always keep some clients I use updated with the current libraries: libeay32.dll and ssleay32.dl, now at 1.0.2h / 1.0.2.8.

    Having no control, of course, on what's used on the server side "out there," I wonder if that does some good or none at all?? :doubt:
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,427
    Indeed. I've been using it for a long time.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    OpenSSL to Patch High Severity Vulnerability
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    Over a Dozen Vulnerabilities Patched in OpenSSL
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,789
    Location:
    USA
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,102
    Location:
    Outer space
    I didn't check but usually some vulnerabilities affect client side as well. The big browsers don't use OpenSSL, but some others do, QupZilla for example.
    Also quite a few other softwares on Windows bundle OpenSSL files in their program files folders and don't update them properly. Search your computer for ssleay*.dll and libeay*.dll to find out.
     
  7. haakon

    haakon Guest

    That's what I pondered in my post #26 above.

    I've just been replacing the two dlls on my systems for years in the age-old trusted "it can't hurt" strategy.

    As well, I don't believe they'd be releasing client-side libraries for no reason.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,057
    I can tell you that my Debian systems all updated OpnSSL today. There were some high risk changes that were addressed.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    OpenSSL Security Advisory [26 Sep 2016]

     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    OpenSSL to Patch High Severity Flaw in Version 1.1.0
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    High Severity DoS Flaw Patched in OpenSSL
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    OpenSSL Patches Four Vulnerabilities
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    High Severity Flaw Patched in OpenSSL 1.1.0
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,178
    Pre-announcement for the upcoming OpenSSL releases for 02 Nov 2017.

    https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html

     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    OpenSSL Patches Flaws Found With Google Fuzzer
     
  17. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,803
    That Google fuzzer is a pretty awesome piece of kit, it tests programs with trillions of inputs, to see if any of them cause an unexpected response.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    Two Vulnerabilities Patched in OpenSSL
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,782
    Location:
    Texas
    First OpenSSL Updates in 2018 Patch Three Flaws
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.