Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.
This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.
Didn’t take long to release new updated version.
The Debian project is pleased to announce the sixth update of its stable distribution Debian GNU/Linux 4.0 (codename “etch”). This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. This update has been rated as having important security impact. You are advised to upgrade system ASAP.
Red Hat today released kernel updates to fix at least 15 security flaws in its core called Linux kernel. RHEL users can grab the latest updates from RHN website or by simply running yum update command. This update has been rated as having important security impact.
Red Hat issued an update version of Linux operating system core called kernel that plugs various security holes for RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade kernel package.
An updated firefox package that fixes several security issues is now available for various Linux distributions. All Mozilla Firefox users should upgrade to this updated package as update has been rated as having critical security impact.
Red Hat has issued a security update for its kernel package. The patch plugs a critical flaw that Red Hat said attackers could use to take control of a vulnerable system.