OpenSSL Security Advisory

CVE

CVE-2015-1793

Summary

OpenSSL has released updates to address a flaw that can potentially allow an attacker cause certain checks on untrusted certificates to be bypassed.

Affected versions

OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o

Recommendation

OpenSSL 1.0.2b/1.0.2c system administrators are advised to upgrade to 1.0.2d.

OpenSSL 1.0.1n/1.0.1o system administrators are advised to upgrade to 1.0.1p.

Useful Links

https://www.openssl.org/news/secadv_20150709.txt
https://www.us-cert.gov/ncas/current-activity/2015/07/09/OpenSSL-Releases-Security-Advisory
https://access.redhat.com/solutions/1523323