cooper Posted March 17, 2015 Share Posted March 17, 2015 http://marc.info/?l=openssl-announce&m=142653572011212 We'll discover on the 19th what's really up, but whatever it is, they think it's serious. Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted March 18, 2015 Share Posted March 18, 2015 I was using SSL on my site for awhile but all the moving around i do i gave up using it. People come to my site i guess for one main reason to leech and leave. Quote Link to comment Share on other sites More sharing options...
cooper Posted March 19, 2015 Author Share Posted March 19, 2015 Of course, but be aware that any communication you have that doesn't travel the line as plain text has I would say at least a 90% chance of using OpenSSL for the crypto. The question isn't really "is this going to hurt" but "how much is this going to hurt". Our support staff here is on standby, waiting for the announcement so we can quickly move on the appropriate response. Quote Link to comment Share on other sites More sharing options...
cooper Posted March 19, 2015 Author Share Posted March 19, 2015 (edited) And the advisory is out: http://openssl.org/news/secadv_20150319.txtIn all, nothing particularly shocking. A few DoS attack options which, while annoying, shouldn't pose that much of a problem anywhere.Associated CVE's (as they appear in the advisory, so in order of severity):CVE-2015-0291 NVDCVE-2015-0204 NVDCVE-2015-0290 NVDCVE-2015-0207 NVDCVE-2015-0286 NVDCVE-2015-0208 NVDCVE-2015-0287 NVDCVE-2015-0289 NVDCVE-2015-0292 NVDCVE-2015-0293 NVDCVE-2015-1787 NVDCVE-2015-0285 NVDCVE-2015-0209 NVDCVE-2015-0288 NVDWhat I want to know is how many of these apply to LibreSSL, if any. A number of these sound like things those folks would've ripped out in the early post-fork days. Edited March 19, 2015 by Cooper Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.