[csw-announce] openssl security advisory

Derek Morr dvm105 at psu.edu
Thu Sep 14 20:01:46 CEST 2006

The OpenSSL project recently discovered a flaw that could allow an 
attacker to generate a forged RSA signature that OpenSSL will accept as 
valid. This vulnerability is resolved in OpenSSL 0.9.8c.

We recommend that you immediately upgrade your openssl package by running:

pkg-get -Uu openssl

Note that services linking against the openssl shared libraries will 
need to be restarted.

For more information, please see 


More information about the announce mailing list