Openssl

OpenSSL Vulnerabilities Critical Patch released by Canonical

Canonical recently released a critical security patch for OpenSSL Vulnerabilities. This release addresses an openssl – Secure Socket Layer (SSL) cryptographic library and tools and its affects the following releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Details: Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

Heartbleed bug in OpenSSL

A serious vulnerability has been detected in the popular OpenSSL cryptographic software, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs). Update: For those using the Amazon Linux AMI, you can simply run “sudo yum update openssl”, and then restart any services using OpenSSL to protect any at-risk instances.