[csw-announce] openssl security advisory
Derek Morr
dvm105 at psu.edu
Thu Sep 14 20:01:46 CEST 2006
The OpenSSL project recently discovered a flaw that could allow an
attacker to generate a forged RSA signature that OpenSSL will accept as
valid. This vulnerability is resolved in OpenSSL 0.9.8c.
We recommend that you immediately upgrade your openssl package by running:
pkg-get -Uu openssl
Note that services linking against the openssl shared libraries will
need to be restarted.
For more information, please see
http://www.openssl.org/news/secadv_20060905.txt
-derek
More information about the announce
mailing list