it.ucsf.edu

Security Update:OpenSSL Announced Updates to Address 9 Vulnerabilities

Status Type

Security Update

Date and Time

Thursday, August 7, 2014 - 13:43

Reason

Security Updates

Impact

OpenSSL Users

WHAT HAPPENED?

OpenSSL announced the release of updates to address 9 vulnerabilities.

Advanced Users: For a complete description of the vulnerabilities and affected versions visit OpenSSL Security Advisory [06 Aug 2014] at https://www.openssl.org/news/secadv_20140806.txt.

 

AFFECTED VERSIONS:

  • OpenSSL 0.9.8 SSL/TLS
  • OpenSSL 1.0.0 SSL/TLS
  • OpenSSL 1.0.1 SSL/TLS

 

WHAT'S THE PROBLEM?

Exploitation of a vulnerable version of OpenSSL, may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol.

 

WHAT DO I NEED TO DO?

Update your software

  1. If IT Field Services or you have other IT support, no action on your part is required.
  2. If you do not have IT support, updates may be obtained through OpenSSL Security Advisory [06 Aug 2014] at https://www.openssl.org/news/secadv_20140806.txt.

 

 

RELATED LINKS