DigiCert Blog

All posts under: OpenSSL

  1. OpenSSL Patches Five Security Vulnerabilities

    Earlier this morning, the OpenSSL project team released two security patches—1.0.2h and 1.0.1t—for five security vulnerabilities discovered in OpenSSL. These two new patches fix one “high” severity and four “low” severity vulnerabilities. None of these bugs affect SSL Certificates. No actions related to SSL Certificate management are required. High Severity Vulnerabilities Memory corruption in the…


  2. OpenSSL Patches Seven Security Vulnerabilities

    Yesterday morning, OpenSSL released two patches—versions 1.0.2g and 1.0.1s—for seven new security vulnerabilities that were found in OpenSSL versions 1.0.1 and 1.0.2. These patches fix one “high” severity and six “low” severity vulnerabilities. One High Severity Vulnerability The OpenSSL advisory explained that the high severity vulnerability known as DROWN (Decrypting RSA with Obsolete and Weakened…


  3. OpenSSL Patches Two Security Vulnerabilities

    This morning, OpenSSL released two security patches—versions 1.0.2f and 1.0.1r—for two new security vulnerabilities: one rated as “high” severity and one rated as “low” severity. The “high” severity vulnerability affects the 1.0.2 release. The “low” severity vulnerability affects all releases—1.0.2 and 1.0.1. Neither of these bugs affect SSL Certificates; no actions related to SSL Certificate…


  4. OpenSSL Patches Four Security Vulnerabilities

    Just before 9 a.m. MST this morning, developers at OpenSSL released four patches—versions 0.9.8zh, 1.0.0t, 1.0.1q, and 1.0.2e—for discovered OpenSSL security vulnerabilities. These patches fix a total of four vulnerabilities, three of which were rated as moderate and one rated low. To see the full list of vulnerabilities, see OpenSSL Security Advisory [3 Dec 2015].…


  5. OpenSSL Patches a “High” Severity Security Vulnerability

    Earlier this morning, OpenSSL released a security patch to fix a new vulnerability discovered in OpenSSL versions 1.0.2 and 1.0.1. This patch fixes one high severity vulnerability, which primarily affects clients. This bug does not affect private keys for DigiCert SSL Certificates, and no action related to certificate management is required. During certificate verification, OpenSSL (starting…