Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Version 0.9.6 has a bug that could allow denial of service.
OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to provide security protection to a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability will allow some ASN.1 sequences to cause a large recursion, which Windows doesn't handle properly. A remote attacker can send a specially created client certificate to a server and crash OpenSSL, causing a denial of service.
FOR MORE INFORMATION: