OpenSSL patches eight new vulnerabilities
Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.
The flaws are only of moderate and low severity, unlike the Heartbleed vulnerability discovered last year. Heartbleed could have allowed attackers to steal sensitive information including encryption keys from servers.
Nevertheless, “system administrators should plan to upgrade their running OpenSSL server instances in the coming days,” said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7, via email Friday.