/plushcap/analysis/cloudflare/openssl-security-advisory-of-19-march-2015

OpenSSL Security Advisory of 19 March 2015

What's this blog post about?

On March 19, 2015, multiple vulnerabilities were discovered in OpenSSL, a cryptographic library used by CloudFlare and most websites on the internet. The vulnerabilities primarily affect CloudFlare as a "Denial of Service" possibility rather than an information disclosure vulnerability. Customer traffic and SSL keys remain protected. CloudFlare has quickly tested the patched version and begun pushing it to their production environment. They encourage customers to upgrade to the latest patched versions of OpenSSL on their own servers, particularly if they are using the 1.0.2 branch of the library. The individual vulnerabilities included in this announcement are: CVE-2015-0291, CVE-2015-0204, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286, CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787, CVE-2015-0285, CVE-2015-0209, and CVE-2015-0288. CloudFlare thanks the OpenSSL project and individual vulnerability reporters for their work in finding, disclosing, and remediating these issues.

Company
Cloudflare

Date published
March 19, 2015

Author(s)
Ryan Lackey

Word count
300

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.