Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Version 0.9.6 has a bug that could allow denial of service.
OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to provide security protection to a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability will allow some ASN.1 sequences to cause a large recursion, which Windows doesn't handle properly. A remote attacker can send a specially created client certificate to a server and crash OpenSSL, causing a denial of service.
FOR MORE INFORMATION: