Openssl v.1.1.0d was released as a security update

Posted on Posted in OpenSSL

Description: Multiple security bugs have been fixed in the latest releases of OpenSSL.

Changes:

  • fixed carry propagating bug in the x86_64 Montgomery squaring procedure
  • fixed bug with bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash

Affected versions: OpenSSL 1.1.0x and 1.0.2x

Recommended action:

  • OpenSSL 1.1.0 users should upgrade to 1.1.0d
  • OpenSSL 1.0.2 users should upgrade to 1.0.2k

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *