компьютеры

Да ёкарный бабай!!

Ну чо, товарищи убунтоиды, красношапочники и прочие луниксизды? Опять?

https://www.openssl.org/news/secadv/20160503.txt

OpenSSL Security Advisory [3rd May 2016]

Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Severity: High

OpenSSL 1.0.2 users should upgrade to 1.0.2c
OpenSSL 1.0.1 users should upgrade to 1.0.1o

Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Severity: High

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

Отдельно порадовало описание проблемы:

"A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. This issue was introduced as part of the fix for Lucky 13 padding attack."

"А в этом релизе наши бравые программисты убрали кучу старых багов и щедро добавили новых", ага.