More OpenSSL security fixes

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Aug 7, 2014.

  1. haakon

    haakon Guest

    I have a fair understanding of OpenSSL's method, but not so much with its actual gears and pulleys.

    I always keep some clients I use updated with the current libraries: libeay32.dll and ssleay32.dll, now at 1.0.2h / 1.0.2.8.

    Having no control, of course, on what's used on the server side "out there," I wonder if that does some good or none at all?? :doubt:
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,159
    Indeed. I've been using it for a long time.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    OpenSSL to Patch High Severity Vulnerability
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    Over a Dozen Vulnerabilities Patched in OpenSSL
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,582
    Location:
    USA
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,950
    Location:
    Outer space
    I didn't check, but usually some vulnerabilities affect the client side as well. The big browsers don't use OpenSSL, but some others do, QupZilla for example.
    Also, quite a few other programs on Windows bundle OpenSSL files in their program files folders and don't update them properly. Search your computer for ssleay*.dll and libeay*.dll to find out.
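
The search suggested in the post above, as an added example that is not part of the original thread: a Python script that walks a folder for ssleay*.dll and libeay*.dll and reads the version text OpenSSL embeds in its binaries, so bundled copies that lag behind the release you track stand out. The function names, folder names and the tracked version passed to `outdated` are assumptions for illustration, and the sample files are constructed stand-ins, not real DLLs.

```python
import fnmatch
import os
import re
import tempfile

# File name patterns from the post (Windows builds of OpenSSL 1.0.x and earlier).
PATTERNS = ("ssleay*.dll", "libeay*.dll")
# OpenSSL embeds its version text in the binary, e.g. "OpenSSL 1.0.2h  3 May 2016".
VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")

def embedded_version(path):
    """Return the OpenSSL version found in the file, or None if absent/unreadable."""
    try:
        with open(path, "rb") as fh:
            match = VERSION_RE.search(fh.read())
    except OSError:  # locked or unreadable file: treat as unknown
        return None
    return match.group(1).decode("ascii") if match else None

def find_openssl_dlls(root):
    """Walk root and return sorted (path, version) pairs for every matching DLL."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p) for p in PATTERNS):
                path = os.path.join(dirpath, name)
                found.append((path, embedded_version(path)))
    return sorted(found)

def outdated(found, current):
    """Copies whose embedded version differs from the release you track."""
    return [(p, v) for p, v in found if v != current]

def demo():
    """Scan a constructed directory tree; returns the copies that need attention."""
    samples = {  # constructed stand-ins: a few bytes around a version text
        ("AppA", "libeay32.dll"): b"\0MZ..OpenSSL 1.0.2h  3 May 2016\0",
        ("AppB", "SSLEAY32.DLL"): b"\0SSLv3 part of OpenSSL 1.0.1e 11 Feb 2013\0",
        ("AppB", "readme.txt"): b"not a library",
    }
    with tempfile.TemporaryDirectory() as root:
        for (folder, name), data in samples.items():
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)
        found = find_openssl_dlls(root)
        return [(os.path.relpath(p, root), v) for p, v in outdated(found, "1.0.2h")]

if __name__ == "__main__":
    print(demo())
```

To scan a real machine, call `find_openssl_dlls` on a drive or program folder; a version of `None` means the file matched by name but carried no recognisable version text.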
     
  7. haakon

    haakon Guest

    That's what I pondered in my post #26 above.

    I've just been replacing the two dlls on my systems for years in the age-old trusted "it can't hurt" strategy.

    As well, I don't believe they'd be releasing client-side libraries for no reason.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,385
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,867
    I can tell you that my Debian systems all updated OpenSSL today. There were some high risk changes that were addressed.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    OpenSSL Security Advisory [26 Sep 2016]

     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    OpenSSL to Patch High Severity Flaw in Version 1.1.0
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    High Severity DoS Flaw Patched in OpenSSL
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    OpenSSL Patches Four Vulnerabilities
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    High Severity Flaw Patched in OpenSSL 1.1.0
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,933
    Pre-announcement for the upcoming OpenSSL releases for 02 Nov 2017.

    https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html

     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    OpenSSL Patches Flaws Found With Google Fuzzer
     
  17. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    That Google fuzzer is a pretty awesome piece of kit; it tests programs with trillions of inputs to see if any of them cause an unexpected response.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,560
    Location:
    Texas
    Two Vulnerabilities Patched in OpenSSL
     