Golden Frog services Safe From Latest OpenSSL Vulnerability

9:29 PM

Golden Frog server safe from OpenSSL bug

by Philip Molter, Co-CTO of Golden Frog

OpenSSL today announced a high-severity vulnerability in the OpenSSL library (CVE-2015-1793). The vulnerability allows attackers to forge certificates and, in some cases, have these certificates trusted. For example, the bug could allow a malicious server to represent itself as a Golden Frog server to vulnerable customers.

We wanted all Golden Frog users to know that our services and customers are not vulnerable to this bug. The bug affects only very recent versions of OpenSSL, and our servers and software use stable versions of OpenSSL that include backported security fixes, not new features like the one that introduced the bug. In addition, where possible, our applications use the SSL libraries provided by the client operating system, and almost all standard OS releases are not vulnerable to this bug. You should only be concerned if you run a custom system on which you have installed a very recent version of OpenSSL yourself. In this case, you need to update your version of OpenSSL to the latest patched release.

Since the Heartbleed vulnerability, OpenSSL has taken to pre-announcing bug fixes of high and critical severity. As a result, some media outlets hype the upcoming releases as "the next Heartbleed." So far, this has not been the case, and it is certainly not the case here.

For more information on the bug, check the official OpenSSL release or this follow-up article by the security status.
