Contributed by jose on from the secure-man-is-now-blind dept.
"Another security patch for OpenBSD. "Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks." patch 011 for OpenBSD page is already available at www.openbsd.org/errata.html"The patch for 3.2-stable is available as patch 011 , and for 3.1-stable as patch 024 . The official OpenSSL group advisory located here is worth a read, too, and contains the link to the CVE candidate. The paper itself on this is pretty cool too (PDF) . Thank you, Todd, for the heads up.
(Comments are closed)