Contributed by grey on from the certifiably loopy dept.
For undeadly readers, our Errata column on the right side of the web site automatically updates and as of March 15th, 2022 some of you may have already noticed that there is a new security fix related to LibreSSL. Salient excerpt from the release notes as follows:
"* A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google."
Subsequently, LibreSSL 3.5.1 (the development branch for those tracking -current/7.1-beta), 3.4.3 (the stable branch for those tracking 7.0-release) and 3.3.6 (the last supported branch for those stragglers still on OpenBSD 6.9) have been released!
Please see https://www.libressl.org/releases.html for more details and release notes specific to each version. It appears that the same bug was present in OpenSSL and has been fixed there too.
(Comments are closed)