[csw-announce] openssl security advisory

Derek Morr dvm105 at psu.edu
Thu Sep 14 20:01:46 CEST 2006


The OpenSSL project recently discovered a flaw that could allow an 
attacker to generate a forged RSA signature that OpenSSL will accept as 
valid. This vulnerability is resolved in OpenSSL 0.9.8c.

We recommend that you immediately upgrade your openssl package by running:

pkg-get -Uu openssl

Note that services linking against the openssl shared libraries will 
need to be restarted.

For more information, please see 
http://www.openssl.org/news/secadv_20060905.txt

-derek



More information about the announce mailing list