[Freeswitch-users] OpenSSL security advisory affecting FreeSWITCH users.
Michael Jerris
mike at jerris.com
Thu Oct 16 04:12:08 MSD 2014
Please be aware of the following OpenSSL advisory from today. The FreeSWITCH team recommends all users upgrade to openssl 1.0.1j as soon as possible:
"A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.”
https://www.openssl.org/news/secadv_20141015.txt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141015/3c5cefb1/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list