Topic: OpenSSL 1.1.1g release Tuesday 21st April

Author: Jan-E
Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU
Posted: Mon 20 Apr '20 6:35 Post subject: OpenSSL 1.1.1g release Tuesday 21st April

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g.
This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC.
OpenSSL 1.1.g is a security-fix release. The highest severity issue fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high
Yours
The OpenSSL Project Team

Author: Jan-E
Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU
Posted: Tue 21 Apr '20 15:26

https://www.openssl.org/news/vulnerabilities.html#2020-1967
Quote:
CVE-2020-1967 (OpenSSL advisory) [High severity] 21 April 2020:
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
Reported by Bernd Edlinger.
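
The following is an added example, not part of the posts above and not OpenSSL project code: a small inventory check that reads an `openssl version` line or a server banner and reports whether the OpenSSL version falls in the range the advisory lists (1.1.1d through 1.1.1f). Being in range is only half of the condition, since the advisory says the crash needs an application that calls SSL_check_chain(). The function names and the sample strings are assumptions made for illustration.

```python
import re
import ssl

# Matches "OpenSSL 1.1.1f  31 Mar 2020" (`openssl version` output) and the
# "OpenSSL/1.1.1f" token in a server banner; the letter suffix is optional.
_VERSION_RE = re.compile(
    r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z0-9])")

# Affected range exactly as the advisory states it: 1.1.1d, 1.1.1e, 1.1.1f.
FIRST_AFFECTED = (1, 1, 1, "d")
LAST_AFFECTED = (1, 1, 1, "f")


def parse_openssl_version(text):
    """Return (major, minor, fix, letters) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    # Letters compare as strings: "" < "c" < "d" < "g", matching release order.
    return (int(major), int(minor), int(fix), letters)


def in_cve_2020_1967_range(text):
    """True/False for a parsed version, None when the string has no version."""
    version = parse_openssl_version(text)
    if version is None:
        return None
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


# Constructed sample strings (hypothetical, not taken from any real host).
SAMPLES = [
    "OpenSSL 1.1.1f  31 Mar 2020",
    "Apache/2.4.43 (Win64) OpenSSL/1.1.1d",
    "OpenSSL 1.1.1g  21 Apr 2020",
    "OpenSSL 1.1.1c  28 May 2019",
    "OpenSSL 1.0.2u  20 Dec 2019",
    "nginx/1.17.9",
]

if __name__ == "__main__":
    # Also report the OpenSSL build this Python interpreter is linked against.
    for line in SAMPLES + [ssl.OPENSSL_VERSION]:
        print(f"{in_cve_2020_1967_range(line)!s:5}  {line}")
```

A `None` result means the string carried no OpenSSL version and the host needs a manual check.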