security team

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.

{ 2 comments }

News Roundup

by on January 21, 2008 · 0 comments

=> KDE 4 Review : Ars Technica reviews KDE 4.0 – KDE 4.0 was officially released last week after extensive development. The long-awaited 4.0 release ushers in a new era for the popular open-source desktop environment and adds many intriguing new features and technologies. Unfortunately, the release comes with almost as many new bugs as […]

{ 0 comments }