New vulnerability in OpenSSL

Georgi Guninski guninski at guninski.com
Sun Jun 8 03:38:09 PDT 2014


On Fri, Jun 06, 2014 at 09:58:15PM -0700, shelley at misanthropia.info wrote:
> On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote:
> 
> Direct info:
> https://www.openssl.org/news/secadv_20140605.txt
> 
> 
> > 
> > Experts said the newly discovered vulnerabilities in OpenSSL, which could
> > allow hackers to spy on communications, do not appear to be as serious a
> > threat as Heartbleed.

>From the FA:

> This is potentially exploitable to run arbitrary code on a vulnerable client or server.

This appears _worse_ than HB to me.
"Potentially" usually just downplays the issue -
it either exploitable or not.




More information about the cypherpunks mailing list