1, 2, 3 security holes in open-source OpenSSL project
C|Net | by Mike
An open-source group that maintains software for securing communications released a patch on Tuesday to fix several vulnerabilities that were found during a security test by the U.K. government.
The security flaws exist in the OpenSSL Project's version of the secure sockets layer (SSL) software used by Web sites and browsers to cryptographically secure data. Two of the flaws could lead to a denial-of-service attack, and a third may allow an attacker to break into a system from the Internet.
Cox said that a specially crafted digital certificate could crash the OpenSSL software through either of two flaws, causing a denial-of-service attack. The third flaw could result in a security hole that could allow online vandals to attack a server or enable a worm to spread. All versions of OpenSSL, up to and including 0.9.6j and 0.9.7b, are affected, according to an advisory issued by the group.