<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><pre style="word-wrap: break-word; white-space: pre-wrap;">Please be aware of the following OpenSSL advisory from today. The FreeSWITCH team recommends all users upgrade to openssl 1.0.1j as soon as possible:
"A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.”</pre><pre style="word-wrap: break-word; white-space: pre-wrap;"><a href="https://www.openssl.org/news/secadv_20141015.txt">https://www.openssl.org/news/secadv_20141015.txt</a></pre></body></html>