OpenSSL Releases Security Update – Updated April 22, 2020

April 22, 2020

OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. Read the advisory at CISA.

February 26, 2019

OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information. The NCCIC encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. Read the advisory at NCCIC/US-CERT.

March 27, 2018

OpenSSL has released security updates to address a vulnerability in previous versions of 1.1.0 and 1.0.2. An attacker could exploit this vulnerability to cause a denial-of-service condition. The NCCIC/US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary updates. NCCIC/US-CERT.

February 16, 2017

OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update. US-CERT.