Security News
The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512. OpenSSL 3.0.4 "Is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken.
GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack. The flaw allowed GnuTLS servers to use session tickets issued during a previous secure TLS 1.3 session without accessing the function that generates secret keys, gnutls session ticket key generate().
OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014. read more
What have seven security fixes in FileZilla got to do with 2014's Heartbleed bug?
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL's Development Team described some benefits the nasty bug afforded them.