New OpenSSL vulnerabilities: CloudFlare systems patched
On June 5, 2014, the OpenSSL team announced seven vulnerabilities affecting all versions of OpenSSL (0.9.8, 1.0.0, 1.0.1, and 1.0.2). The most severe issue is a potential on-path attack known as CCS Injection (CVE-2014-0224), with more technical details provided by Google's Adam Langley and the original problem reporter. CloudFlare has patched its servers, protecting customers from these vulnerabilities. Users of OpenSSL are advised to upgrade their software or server as soon as possible, as new versions have been released by the OpenSSL team.
Company
Cloudflare
Date published
June 5, 2014
Author(s)
John Graham-Cumming
Word count
110
Language
English
Hacker News points
None found.