it.ucsf.edu

Security Update:Open SSL Released Security Updates to Address Multiple Vulnerabilities

Status Type

Security Update

Date and Time

Friday, December 4, 2015 - 14:07

Reason

Security Update

Impact

Open SSL Users

 

WHAT HAPPENED?
OpenSSL announced the release of updates to address a vulnerability that could impact proper certificate verification.

Advanced Users: For a complete description of the vulnerabilities and affected versions visit OpenSSL Security Advisory [3 Dec 2015] – Updated (4 Dec 2015) at https://www.openssl.org/news/secadv/20151203.txt.


AFFECTED VERSIONS:

  • OpenSSL version 0.9.8
  • OpenSSL version 1.0.1
  • OpenSSL version 1.0.2



WHAT'S THE PROBLEM?
Exploitation of one of these vulnerabilities could allow an attacker to cause a Denial of Service condition.


WHAT DO I NEED TO DO?
Update your software

  1. If IT Field Services or you have other IT support, no action on your part is required.
  2. If you do not have IT support, updates may be obtained through OpenSSL Security Advisory [3 Dec 2015] – Updated (4 Dec 2015) at https://www.openssl.org/news/secadv/20151203.txt.


Note: If you’re using Open SSL versions 0.9.8 AND 1.0.0 you are advised to upgrade to later versions as those versions are coming to “End of Life” and
support will cease on December 31, 2015.

 

RELATED LINKS