OpenSSL Patches Multiple Vulnerabilities

Original release date: June 12, 2015

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.
Updates available include:

• OpenSSL 1.0.2b for 1.0.2 users
• OpenSSL 1.0.1n for 1.0.1 users
• OpenSSL 1.0.0s for 1.0.0d (and below) users
• OpenSSL 0.9.8zg for 0.9.8r (and below) users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.