New vulnerability in OpenSSL
Georgi Guninski
guninski at guninski.com
Sun Jun 8 03:38:09 PDT 2014
On Fri, Jun 06, 2014 at 09:58:15PM -0700, shelley at misanthropia.info wrote:
> On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote:
>
> Direct info:
> https://www.openssl.org/news/secadv_20140605.txt
>
>
> >
> > Experts said the newly discovered vulnerabilities in OpenSSL, which could
> > allow hackers to spy on communications, do not appear to be as serious a
> > threat as Heartbleed.
>From the FA:
> This is potentially exploitable to run arbitrary code on a vulnerable client or server.
This appears _worse_ than HB to me.
"Potentially" usually just downplays the issue -
it either exploitable or not.
More information about the cypherpunks
mailing list