logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Other Software View previous topic :: View next topic
Reply to topic   Topic: OpenSSL 1.1.1g release Tuesday 21st April
Author
Jan-E



Joined: 09 Mar 2012
Posts: 1056
Location: Amsterdam, NL, EU

PostPosted: Mon 20 Apr '20 6:35    Post subject: OpenSSL 1.1.1g release Tuesday 21st April Reply with quote

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours

The OpenSSL Project Team
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1056
Location: Amsterdam, NL, EU

PostPosted: Tue 21 Apr '20 15:26    Post subject: Reply with quote

https://www.openssl.org/news/vulnerabilities.html#2020-1967
Quote:
CVE-2020-1967 (OpenSSL advisory) [High severity] 21 April 2020:

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
Reported by Bernd Edlinger.
Back to top


Reply to topic   Topic: OpenSSL 1.1.1g release Tuesday 21st April View previous topic :: View next topic
Post new topic   Forum Index -> Other Software