Quantcast

Forthcoming OpenSSL release

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Forthcoming OpenSSL release

openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Forthcoming OpenSSL release
===========================

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL version 1.1.0e

This release will be made available on 16th February 2017 between 1200-1600
UTC, and will include a fix for a security defect classified as severity "High".
This issue does not affect OpenSSL versions prior to 1.1.0.

Please see the following page for further details of severity levels:
https://www.openssl.org/policies/secpolicy.html

Yours

The OpenSSL Project Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJYoXCaAAoJEAEKUEB8TIy92GwH+gMIr6v8IQE04/aHWlp+ilep
RIPM3x+NAQCkBTSZDhYPRIfJPnbEfGY1hi6Og28SQwHyfClL8Kyg0rkcgEJa9Q1A
evhXesZD6xwWiPbqS4yu/iAnjapCPDuNQOeH8toRBs97N4bZ5/SLN6a5UUQg3lQ6
4t3zHJMK3RDRl6O39xmU84qpP7iumGW8Br/0XD2DfPvF0hAJVO+IfvTHK1WEFZg3
j1bYFUEP3lFWnXQDN7h4e9dOKRioSADdl/Tj+Ibh51OBYwaE2xjqqsOs4VAjbG8x
V17okImTVhXhKSEOw3wsNirjW/+ui6fDIjszUGTcmNSp+MLXvUB21+8OXaVTDQs=
=DVlI
-----END PGP SIGNATURE-----
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forthcoming OpenSSL release

Nounou Dadoun
Sorry I haven't been following the discussion on this vulnerability if there is one.  
The advisory says that " this can cause OpenSSL to crash (dependent on ciphersuite) "; is there any indication about which cipher suites are affected?  So that we know whether we should upgrade now or catch the next one, thanks  ... N


Nou Dadoun
Senior Firmware Developer, Security Specialist


Office: 604.629.5182 ext 2632
Support: 888.281.5182  |  avigilon.com
Follow Twitter  |  Follow LinkedIn


This email, including any files attached hereto (the "email"), contains privileged and confidential information and is only for the intended addressee(s). If this email has been sent to you in error, such sending does not constitute waiver of privilege and we request that you kindly delete the email and notify the sender. Any unauthorized use or disclosure of this email is prohibited. Avigilon and certain other trade names used herein are the registered and/or unregistered trademarks of Avigilon Corporation and/or its affiliates in Canada and other jurisdictions worldwide.


-----Original Message-----
From: openssl-users [mailto:[hidden email]] On Behalf Of OpenSSL
Sent: Monday, February 13, 2017 12:53 AM
To: [hidden email]; [hidden email]; [hidden email]
Subject: [openssl-users] Forthcoming OpenSSL release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Forthcoming OpenSSL release
===========================

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.0e

This release will be made available on 16th February 2017 between 1200-1600 UTC, and will include a fix for a security defect classified as severity "High".
This issue does not affect OpenSSL versions prior to 1.1.0.

Please see the following page for further details of severity levels:
https://www.openssl.org/policies/secpolicy.html

Yours

The OpenSSL Project Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJYoXCaAAoJEAEKUEB8TIy92GwH+gMIr6v8IQE04/aHWlp+ilep
RIPM3x+NAQCkBTSZDhYPRIfJPnbEfGY1hi6Og28SQwHyfClL8Kyg0rkcgEJa9Q1A
evhXesZD6xwWiPbqS4yu/iAnjapCPDuNQOeH8toRBs97N4bZ5/SLN6a5UUQg3lQ6
4t3zHJMK3RDRl6O39xmU84qpP7iumGW8Br/0XD2DfPvF0hAJVO+IfvTHK1WEFZg3
j1bYFUEP3lFWnXQDN7h4e9dOKRioSADdl/Tj+Ibh51OBYwaE2xjqqsOs4VAjbG8x
V17okImTVhXhKSEOw3wsNirjW/+ui6fDIjszUGTcmNSp+MLXvUB21+8OXaVTDQs=
=DVlI
-----END PGP SIGNATURE-----
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forthcoming OpenSSL release

Matt Caswell-2


On 16/02/17 19:54, Nounou Dadoun wrote:
> Sorry I haven't been following the discussion on this vulnerability
> if there is one. The advisory says that " this can cause OpenSSL to
> crash (dependent on ciphersuite) "; is there any indication about
> which cipher suites are affected?  So that we know whether we should
> upgrade now or catch the next one, thanks  ... N

A malicious client (say) could cause a server to crash if it has been
configured to support at least one AEAD ciphersuite and at least one
non-AEAD ciphersuite.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...