OpenBSD Journal

LibreSSL 3.5.1 development branch as well as 3.4.3 (stable) and 3.3.6 released

Contributed by grey on from the certifiably loopy dept.

For undeadly readers, our Errata column on the right side of the web site automatically updates and as of March 15th, 2022 some of you may have already noticed that there is a new security fix related to LibreSSL. Salient excerpt from the release notes as follows:

"* A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google."

Subsequently, LibreSSL 3.5.1 (the development branch for those tracking -current/7.1-beta), 3.4.3 (the stable branch for those tracking 7.0-release) and 3.3.6 (the last supported branch for those stragglers still on OpenBSD 6.9) have been released!

Please see https://www.libressl.org/releases.html for more details and release notes specific to each version. It appears that the same bug was present in OpenSSL and has been fixed there too.

(Comments are closed)


Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]