Security Update:OpenSSL Announced Updates to Address 9 Vulnerabilities
Date and Time
OpenSSL announced the release of updates to address 9 vulnerabilities.
Advanced Users: For a complete description of the vulnerabilities and affected versions visit OpenSSL Security Advisory [06 Aug 2014] at https://www.openssl.org/news/secadv_20140806.txt.
- OpenSSL 0.9.8 SSL/TLS
- OpenSSL 1.0.0 SSL/TLS
- OpenSSL 1.0.1 SSL/TLS
WHAT'S THE PROBLEM?
Exploitation of a vulnerable version of OpenSSL, may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol.
WHAT DO I NEED TO DO?
Update your software
- If IT Field Services or you have other IT support, no action on your part is required.
- If you do not have IT support, updates may be obtained through OpenSSL Security Advisory [06 Aug 2014] at https://www.openssl.org/news/secadv_20140806.txt.
- National Vulnerability Database’s Vulnerability Summary for CVE-2014-0224 at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
- ITS Security & Policy at http://it.ucsf.edu/security