[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New vulnerability in OpenSSL

To: [email protected]
Subject: New vulnerability in OpenSSL
From: [email protected] (Georgi Guninski)
Date: Sun, 8 Jun 2014 13:38:09 +0300
Cc: [email protected]
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Fri, Jun 06, 2014 at 09:58:15PM -0700, [email protected] wrote:
> On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote:
> 
> Direct info:
> https://www.openssl.org/news/secadv_20140605.txt
> 
> 
> > 
> > Experts said the newly discovered vulnerabilities in OpenSSL, which could
> > allow hackers to spy on communications, do not appear to be as serious a
> > threat as Heartbleed.

>From the FA:

> This is potentially exploitable to run arbitrary code on a vulnerable client or server.

This appears _worse_ than HB to me.
"Potentially" usually just downplays the issue -
it either exploitable or not.

References:
- New vulnerability in OpenSSL
  - From: [email protected] (jim bell)
- New vulnerability in OpenSSL
  - From: [email protected] ([email protected])

Prev by Date: US Army research into quantum teleportation of data
Next by Date: Going to jail nowadays for owning a book, wtf?
Previous by thread: New vulnerability in OpenSSL
Next by thread: Internet Giants erect barriers to spy agencies
Index(es):
- Date
- Thread