
9 Jul 2015, 8:44 p.m.
On 09/07/15 22:57, Andrew Pam wrote:
> On 09/07/15 22:20, Scott Junner wrote:
>> Undisclosed important OpenSSL updates expected today. Anything to do with that?
>
> Not undisclosed: https://thejh.net/written-stuff/openssh-6.8-xsecurity

I believe Scott's joke was referring to CVE-2015-1793 reported two weeks ago, and just announced and patched today.

This SSL issue allows an attacker (or a site) to "cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate."

https://www.openssl.org/news/secadv_20150709.txt

It only affects the most recent OpenSSL versions (1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o).

Glenn
--
sks-keyservers.net 0x6d656d65