https://www.openssl.org/news/secadv/20160503.txt
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Severity: High
OpenSSL 1.0.2 users should upgrade to 1.0.2c
OpenSSL 1.0.1 users should upgrade to 1.0.1o
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Severity: High
OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t
The description of the problem was a particular delight:
"A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI. This issue was introduced as part of the fix for the Lucky 13 padding attack."
"And in this release our brave programmers removed a bunch of old bugs and generously added new ones," yeah, right.
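As an added illustration (my own toy code, not from the advisory or from OpenSSL): a TLS-style "MAC then pad" CBC record check in Python, first written so that a bad-padding failure is distinguishable from a bad-MAC failure, which is exactly the oracle shape the quoted advisory describes, then rewritten so both failures collapse into one result and the MAC is verified even when the padding is wrong. HMAC-SHA256 and the key are constructed for the demo; this is about the error-distinguishability, not about the real AES-NI code path.

```python
import hmac
import hashlib

MAC_LEN = hashlib.sha256().digest_size      # 32 bytes; HMAC-SHA256 is assumed for the demo
KEY = b"constructed-demo-mac-key"            # constructed sample key, not a real secret


def mac_then_pad(plaintext: bytes, block: int = 16) -> bytes:
    """Build the pre-encryption body of a TLS-style CBC record: data || MAC || padding.
    TLS padding: every pad byte (and the final length byte) equals the pad length."""
    tag = hmac.new(KEY, plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    pad_len = block - (len(body) + 1) % block
    return body + bytes([pad_len]) * (pad_len + 1)


def check_leaky(record: bytes) -> str:
    """Naive check: a distinct answer for bad padding vs. bad MAC, and an early exit
    before the MAC is computed. That difference is the padding oracle."""
    pad_len = record[-1]
    if pad_len + 1 > len(record) or any(b != pad_len for b in record[-(pad_len + 1):]):
        return "bad_padding"
    body = record[:-(pad_len + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(hmac.new(KEY, data, hashlib.sha256).digest(), tag):
        return "bad_mac"
    return "ok"


def check_uniform(record: bytes) -> str:
    """Hardened check: padding and MAC failures fold into one result, and the MAC is
    always verified (over a zero-padding interpretation when padding is invalid),
    so neither the error code nor an early exit tells the sender which check failed."""
    if len(record) < MAC_LEN + 1:            # already visible from ciphertext length
        return "bad_record"
    pad_len = record[-1]
    # Padding must leave room for the MAC and every pad byte must equal pad_len.
    pad_ok = pad_len + 1 <= len(record) - MAC_LEN
    pad_ok = pad_ok and all(b == pad_len for b in record[-(pad_len + 1):])
    eff = pad_len if pad_ok else 0           # on bad padding, still strip one byte and check MAC
    body = record[:len(record) - eff - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(hmac.new(KEY, data, hashlib.sha256).digest(), tag)
    return "ok" if (pad_ok and mac_ok) else "bad_record"


if __name__ == "__main__":
    rec = mac_then_pad(b"hello")
    bad_pad = rec[:-1] + bytes([rec[-1] ^ 0xFF])          # corrupt the padding length byte
    bad_mac = rec[:5] + bytes([rec[5] ^ 1]) + rec[6:]     # corrupt the first MAC byte
    for name, r in (("valid", rec), ("bad_pad", bad_pad), ("bad_mac", bad_mac)):
        print(f"{name:8} leaky={check_leaky(r):12} uniform={check_uniform(r)}")
```

The leaky variant answers "bad_padding" and "bad_mac" to the two tampered records; the uniform variant answers "bad_record" to both, which is the property the fix for this class of bug has to restore.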