Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

OpenSSL Releases Security Advisory

Last Revised

OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code.

 The following updates are available:

  • OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
  • OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
  • OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h

US-CERT recommends users and administrators review Vulnerability Note VU#978508 and the OpenSSL advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.