« Posts under OpenSSL

NetBSD Security Advisory 2010-011: OpenSSL Double Free Arbitrary Code Execution

October 28, 2010 / posted in BSD, Bug, NetBSD, OpenSSL, Operating System, Patch, pkgsrc, security, Security Advisory, server, SSL/TLS, Uncategorized, update, vulnerability / No Comments

A new security advisory for NetBSD has just been published. The contents of the Advisory is written below: Version: NetBSD-current: source prior to August 11, 2010 NetBSD 5.0.*: affected NetBSD 5.0: affected NetBSD 4.0.*: affected NetBSD 4.0: affected pkgsrc: openssl package prior to 0.9.8onb1 Severity: Denial of Service and potential arbitrary code execution Fixed: NetBSD-current: [...]

Firefox and TLS

April 28, 2010 / posted in computer, Configuration, firefox, internet, Network, OpenSSL, security, server, SSL/TLS, web-server / No Comments

The problem is TLSv1. Not in the server, but in the browser. As long as you keep your (UNIX-(like)) system up-t0-date, and compile your firefox yourself, or the maintainers of your package-system are doing that properly, everything remains fine. Should you be a windows- or MacOS-X-user, though, and should you furthermore be so unlucky as to use the binary provided by the Mozilla-Dev-Team, you’re in for some trouble, because that version of Firefox cannot display websites using TLSv1.

Debian Linux / OpenSSL: predictable random number generator

May 13, 2008 / posted in Bug, Debian, Linux, Network, OpenSSL, Operating System, security, SSL/TLS, vulnerability / No Comments

I just received word about a major security issue with Debian Linux’ OpenSSL-Package. All Debian-Versions, from sid over lenny to etch are affected. The issue: the openssl-package of Debian has a debian-specific change, which has caused the random number generator to be predictable. All certificates generated through these packages are thus weak and to be [...]

Debian Linux / OpenSSL: predictable random number generator

May 13, 2008 / posted in Bug, Debian, Linux, Network, OpenSSL, Operating System, security, SSL/TLS, vulnerability / No Comments

I just received word about a major security issue with Debian Linux’ OpenSSL-Package. All Debian-Versions, from sid over lenny to etch are affected. The issue: the openssl-package of Debian has a debian-specific change, which has caused the random number generator to be predictable. All certificates generated through these packages are thus weak and to be [...]