Fixes are in for OpenSSL

The group behind the widely used Web security software releases a patch for two flaws that could allow someone to launch a denial-of-service attack.

The group behind OpenSSL, a widely used open-source Web security program, released two patches for security flaws to block potential denial-of-service attacks, the organization's developers said on Wednesday.

The flaws affect more than Linux systems that have the software installed. They could also hobble many routers

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

and network devices that incorporate the software. Cisco Systems released , saying its PIX firewall devices and some routers could be affected.

OpenSSL is an open implementation of Secure Sockets Layer (SSL) encryption, which is used by almost all Web browsers as a way to secure data that travels over the public Internet. The software also forms the basis of a popular component of the Apache Web server, which accounts for more than two-thirds of the servers on the Internet.

The flaws don't give an attacker the opportunity to take control of a computer or a device, but they do create the possibility for specially crafted data to crash the software. Such a denial-of-service attack could stop users

Get Up to Speed on...
Open source
Get the latest headlines and
company-specific news in our
expanded GUTS section.

from logging in to a server and prevent administrators from managing network devices. In some cases, the flaws will crash the device, causing wider network outages, according to several advisories.

A survey conducted last November found that nearly half of the Web servers involved in the study ran a version of OpenSSL that hadn't been recently patched. A flaw in the Web server component based of OpenSSL was responsible for allowing the Linux Slapper worm to spread in September 2002.

Red Hat and Novell's SuSE Linux subsidiary both ship Linux systems that incorporate OpenSSL.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S chip controversy over battery life

Not all new iPhones have the same processor chip, but Apple says differences in performance are minimal. Apple also pulls ad-blocking apps over privacy concerns, and Netflix raises its price again.

by Bridget Carey