[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New vulnerability in OpenSSL



On Fri, Jun 06, 2014 at 09:58:15PM -0700, [email protected] wrote:
> On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote:
> 
> Direct info:
> https://www.openssl.org/news/secadv_20140605.txt
> 
> 
> > 
> > Experts said the newly discovered vulnerabilities in OpenSSL, which could
> > allow hackers to spy on communications, do not appear to be as serious a
> > threat as Heartbleed.

>From the FA:

> This is potentially exploitable to run arbitrary code on a vulnerable client or server.

This appears _worse_ than HB to me.
"Potentially" usually just downplays the issue -
it either exploitable or not.