it.ucsf.edu

Security Update: OpenSSL Vulnerabilities Can Lead to Man-in-the-Middle Attack

Status Type: Security Update

Date and Time: Friday, June 6, 2014 - 07:57

Reason: Security Update

Impact: OpenSSL Users

WHAT HAPPENED?

OpenSSL announced the release of updates to address man-in-the-middle attack vulnerabilities.

Advanced Users: For a complete description of the vulnerability visit OpenSSL Security Advisory [05 Jun 2014] at https://www.openssl.org/news/secadv_20140605.txt.

 

AFFECTED VERSIONS:

  • OpenSSL 0.9.8 SSL/TLS
  • OpenSSL 1.0.0 SSL/TLS
  • OpenSSL 1.0.1 SSL/TLS

 

WHAT'S THE PROBLEM?

By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker with a man-in-the-middle vantage point on the network may be able to decrypt or modify traffic between a client and server.

 

WHAT DO I NEED TO DO?

Update your software

1. If you have IT Field Services or other IT support, no action on your part is required.

2. If you do not have IT support, updates may be obtained through OpenSSL Security Advisory [05 Jun 2014] at https://www.openssl.org/news/secadv_20140605.txt.

  • OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
  • OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
  • OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h
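
To confirm that a host is at or past the fixed release for its branch, the following added example (not code from UCSF IT or the OpenSSL project) classifies the text printed by `openssl version` against the three upgrade targets listed above. The function names and the sample banner strings are constructed for illustration; the one subtlety it handles is that OpenSSL letter suffixes continue past `z` as `za`, `zb`, and so on.

```python
import re

# Fixed releases from the advisory above, keyed by branch.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches e.g. "OpenSSL 1.0.1g 7 Apr 2014" or "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(suffix):
    """Order letter suffixes: '' < a < ... < z < za < zb ...

    Longer suffixes sort later ('za' follows 'z'); equal lengths
    compare alphabetically.
    """
    return (len(suffix), suffix)


def check_version(banner):
    """Classify `openssl version` output against the advisory.

    Returns 'fixed', 'needs-upgrade', or 'not-listed' when the branch
    is not one of the three named on this page.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised version string: %r" % banner)
    branch, suffix = m.groups()
    if branch not in FIXED:
        return "not-listed"
    if patch_rank(suffix) >= patch_rank(FIXED[branch]):
        return "fixed"
    return "needs-upgrade"


if __name__ == "__main__":
    # Constructed sample banners, in the format `openssl version` prints.
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0m 5 Jun 2014",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
    ]
    for banner in samples:
        print("%-34s %s" % (banner, check_version(banner)))
```

Operating system vendors often backport security fixes without changing the version letter, so a `needs-upgrade` result on a distribution-packaged OpenSSL should be checked against the vendor's package changelog before concluding the host is unpatched.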

 
