
OpenSSL Announces Forthcoming Releases to Patch Several Security Defects

Created: 18 Mar 2015 • Updated: 19 Mar 2015
Ben W.

The OpenSSL Project has announced several vulnerabilities in the library, which will be patched on Thursday, March 19, 2015. The announcement was made by OpenSSL's Matt Caswell. Caswell states that the patches will fix a number of security defects and that the most severe defect fixed by these releases is classified as "high" severity. The fixes will ship in OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf. Symantec will have more information shortly after the releases.

UPDATE (March 19, 2015): 

The vulnerabilities were announced on March 19, 2015, and the related patches were released the same day. There is no impact on SSL certificates and thus no need for replacement or revocation. OpenSSL has documented the impact of each vulnerability on its site (see: http://bit.ly/1BCmshz). Customers using OpenSSL should review the OpenSSL Security Advisory and are advised to disable weak ciphers related to the FREAK vulnerability (see http://bit.ly/1xjjHqI) and upgrade to the latest versions of OpenSSL.
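One way to check a host against the two recommendations above, as an added example that is not part of the original post or of OpenSSL: it classifies the text printed by `openssl version` against the fixed releases named in the post and lists export-grade suites in `openssl ciphers` output. The function names, status strings and sample inputs are assumptions made for illustration.

```python
import re

# Fixed releases named in the post: release branch -> patch-letter suffix.
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

# Matches e.g. "OpenSSL 1.0.1k 8 Jan 2015" or "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-[\w.]+)?")


def _letter_key(suffix):
    # Patch letters run a..y, then za, zb, ...; ordering by (length, text)
    # gives "" < "a" < "y" < "za" < "zf".
    return (len(suffix), suffix)


def check_version(banner):
    """Classify `openssl version` output against the fixed releases."""
    m = _VERSION.search(banner)
    if not m:
        return "unparsed"
    branch, letters, tag = m.group(1), m.group(2), m.group(3) or ""
    if branch not in FIXED:
        return "branch-not-covered"  # the post names no fix for this branch
    if tag.startswith(("-dev", "-beta", "-pre")):
        return "below-fix"  # pre-release build of that version
    if _letter_key(letters) >= _letter_key(FIXED[branch]):
        return "at-or-above-fix"
    return "below-fix"


def export_suites(cipher_list):
    """Return export-grade suites from colon-separated `openssl ciphers` output."""
    names = cipher_list.strip().split(":")
    return [c for c in names if c.startswith(("EXP-", "EXP1024-"))]


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    for banner in ("OpenSSL 1.0.1k 8 Jan 2015",
                   "OpenSSL 0.9.8zf 19 Mar 2015",
                   "OpenSSL 1.0.2-beta3 25 Sep 2014"):
        print(banner, "->", check_version(banner))
    print(export_suites("AES128-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA"))
```

Operating system vendors often backport fixes without changing the upstream version string, so a "below-fix" result on a distribution package should be confirmed against the vendor's own advisory.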