User: Password:
|
|
Subscribe / Log in / New account

OpenSSL

OpenSSL

Posted Feb 5, 2013 15:15 UTC (Tue) by meuh (subscriber, #22042)
Parent article: “Lucky Thirteen” attack snarfs cookies protected by SSL encryption (ars technica)

OpenSSL released an updated version regarding to this weakness (CVE-2013-0169)
http://www.openssl.org/news/secadv_20130204.txt


(Log in to post comments)

OpenSSL

Posted Feb 6, 2013 9:48 UTC (Wed) by meuh (subscriber, #22042) [Link]

There's another Security Advisory at http://www.openssl.org/news/secadv_20130205.txt but is the same as the previous one. Seems OpenSSL people got the date wrong.

OpenSSL

Posted Feb 7, 2013 2:44 UTC (Thu) by Comet (subscriber, #11646) [Link]

Beware that there appear to be some serious issues with OpenSSL 1.0.1d; if you don't need to actively defend against this attack yet, you might save yourself some frustration and wait for 1.0.1e.

Issues known to affect Apache's interoperability with Firefox, for instance. See the openssl-dev mailing-list for more state.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds