Security News

Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
2021-12-17 19:57

Simply put, some internal errors in OpenSSL - a genuine but unlikely error such as running out of memory, for example, or a flaw elsewhere in OpenSSL that provokes an error where there wasn't one - don't get reported correctly. Instead of percolating back to your application precisely, these errors get "remapped" as they are passed back up the call chain in OpenSSL, where they ultimately show up as a completely different sort of error.

Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!
2021-09-14 16:09

Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. OpenSSL has been configured for wider compatibility, allowing the use of legacy protocols, meaning that Kali can now talk to older, legacy systems that use them.

How to utilize openssl in Linux to check SSL certificate details
2021-09-13 18:04

Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.
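The kind of check the article describes, as an added example that is not part of the linked how-to: the script generates a throwaway self-signed certificate (constructed test data; the subject name is hypothetical), prints the fields an operator wants after a renewal, tests the remaining validity with `openssl x509 -checkend`, and exposes a helper that fetches the certificate a live server actually serves so its fingerprint can be compared with the file that was just installed. The live-server helper is defined but not called, so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the linked article. Requires the openssl CLI.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test certificate: self-signed, valid for 30 days, hypothetical CN.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=example.test" \
  -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null

# Print subject, issuer, serial, validity window and SHA-256 fingerprint.
cert_summary() {
  openssl x509 -in "$1" -noout -subject -issuer -serial -dates -fingerprint -sha256
}

# Exit 0 if the certificate in $1 is still valid for at least $2 more seconds,
# non-zero if it expires within that window (this is what -checkend reports).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Bare SHA-256 fingerprint (colon-separated hex) of the certificate in $1.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Fingerprint of the leaf certificate a live server presents for $1:$2.
# Uses SNI so virtual-hosted servers return the right certificate.
# Compare with cert_fingerprint on the installed file to confirm a renewal
# actually took effect. Not called below, because it needs network access.
served_fingerprint() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

cert_summary "$WORK/cert.pem"

# A 7-day warning threshold; tune to your renewal automation's lead time.
if cert_valid_for "$WORK/cert.pem" $((7 * 86400)); then
  echo "OK: certificate valid for more than 7 days"
else
  echo "WARNING: certificate expires within 7 days"
fi
```

Replace `$WORK/cert.pem` with the certificate you deployed and compare `cert_fingerprint` against `served_fingerprint host 443`; if the two differ, the renewed certificate was written to disk but the service is still presenting the old one.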

OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
2021-09-09 10:56

The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secure communications across networks.

3 years, 17 alphas, 2 betas, and over 7,500 commits later, OpenSSL version 3 is here
2021-09-08 17:27

The OpenSSL team has released version 3.0 of its eponymous secure communications library after a lengthy gestation period. Coming nearly three years after its predecessor, version 1.1.1, the update lays claim to 17 alpha releases, two beta releases, and more than 7,500 commits.

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
2021-09-02 04:56

Network-attached storage appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. "A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash," according to the advisory for CVE-2021-3711.

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
2021-08-31 15:08

On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service bugs, fixed last week, that affect its network-attached storage devices. Many popular open-source programming libraries that support TLS - including OpenSSL, LibreSSL and BoringSSL - "have kept old-school product names for the sake of familiarity," Ducklin commented in a recent drilldown into the OpenSSL bugs.

QNAP works on patches for OpenSSL bugs impacting its NAS devices
2021-08-30 18:21

Network-attached storage maker QNAP is investigating and working on security updates to address remote code execution and denial-of-service vulnerabilities patched by OpenSSL last week. The security flaws, tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS devices running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync, according to two advisories published earlier today.

Big bad decryption bug in OpenSSL – but no cause for alarm
2021-08-27 18:03

The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Despite having TLS support as its primary aim, OpenSSL also lets you access the lower-level functions on which TLS itself depends, so you can use the libcrypto part of OpenSSL to do standalone encryption, compute file hashes, verify digital signatures and even do arithmetic with numbers that are thousands of digits long.

Synology: Multiple products impacted by OpenSSL RCE vulnerability
2021-08-26 19:42

Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution and denial-of-service OpenSSL vulnerabilities impact some of its products. "Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or execute arbitrary code via a susceptible version of Synology DiskStation Manager, Synology Router Manager, VPN Plus Server or VPN Server," the company explains in a security advisory published earlier today.