Security Update:Open SSL Released Security Updates to Address Multiple Vulnerabilities
Date and Time
Open SSL Users
OpenSSL announced the release of updates to address a vulnerability that could impact proper certificate verification.
Advanced Users: For a complete description of the vulnerabilities and affected versions visit OpenSSL Security Advisory [3 Dec 2015] – Updated (4 Dec 2015) at https://www.openssl.org/news/secadv/20151203.txt.
- OpenSSL version 0.9.8
- OpenSSL version 1.0.1
- OpenSSL version 1.0.2
WHAT'S THE PROBLEM?
Exploitation of one of these vulnerabilities could allow an attacker to cause a Denial of Service condition.
WHAT DO I NEED TO DO?
Update your software
- If IT Field Services or you have other IT support, no action on your part is required.
- If you do not have IT support, updates may be obtained through OpenSSL Security Advisory [3 Dec 2015] – Updated (4 Dec 2015) at https://www.openssl.org/news/secadv/20151203.txt.
Note: If you’re using Open SSL versions 0.9.8 AND 1.0.0 you are advised to upgrade to later versions as those versions are coming to “End of Life” and
support will cease on December 31, 2015.
- ITS Security & Policy at http://it.ucsf.edu/security