First OpenSSL Updates in 2018 Patch Three Flaws


By Eduard Kovacs

The first round of security updates released in 2018 for OpenSSL patch a total of three vulnerabilities, but none of them appears to be serious.

OpenSSL versions 1.1.0h and 1.0.2o patch CVE-2018-0739, a denial-of-service (DoS) vulnerability discovered using Google’s OSS-Fuzz service, which has helped find several flaws in OpenSSL recently.

The security hole, rated “moderate,” is related to constructed ASN.1 types with a recursive definition.

“Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion,” …

Via: Security Week
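The class of fix for this kind of bug is a nesting limit in the recursive decoder. The following is an added example, not OpenSSL's code and not part of the original article: a minimal DER walker that refuses to descend past a fixed depth. The names `der_walk`, `nested_seq` and `MAX_NEST`, and the cap of 30, are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_NEST 30  /* assumed cap for this example, not a value from the article */

/* Read one DER length at p[*i]; returns 0 on success and stores it in *len. */
static int der_len(const unsigned char *p, size_t n, size_t *i, size_t *len) {
    if (*i >= n) return -1;
    unsigned char b = p[(*i)++];
    if (b < 0x80) { *len = b; return 0; }                 /* short form */
    size_t k = b & 0x7f;                                   /* long form: k length bytes */
    if (k == 0 || k > sizeof(size_t) || k > n - *i) return -1;
    for (*len = 0; k--; ) *len = (*len << 8) | p[(*i)++];
    return 0;
}

/* Walk all TLVs in p[0..n); return deepest level seen, or -1 if malformed or too deep. */
int der_walk(const unsigned char *p, size_t n, int depth) {
    int deepest = depth;
    size_t i = 0, len;
    if (depth > MAX_NEST) return -1;          /* bound recursion before the stack is at risk */
    while (i < n) {
        unsigned char tag = p[i++];
        if ((tag & 0x1f) == 0x1f) return -1;  /* multi-byte tags not handled here */
        if (der_len(p, n, &i, &len) != 0 || len > n - i) return -1;
        if (tag & 0x20) {                     /* constructed: content is more TLVs */
            int d = der_walk(p + i, len, depth + 1);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
        }
        i += len;
    }
    return deepest;
}

/* Constructed sample input: `levels` nested SEQUENCEs (tag 0x30) around a NULL. */
size_t nested_seq(unsigned char *out, size_t cap, int levels) {
    size_t total = 2 * (size_t)levels + 2, o = 0;
    if (levels < 0 || levels > 63 || total > cap) return 0;
    for (; o < total - 2; o += 2) {
        out[o] = 0x30;
        out[o + 1] = (unsigned char)(total - o - 2);  /* content bytes that follow */
    }
    out[o] = 0x05; out[o + 1] = 0x00;
    return total;
}

int main(void) {
    unsigned char buf[128];
    for (int lv = 29; lv <= 32; lv++)
        printf("%d levels -> %d\n", lv, der_walk(buf, nested_seq(buf, sizeof buf, lv), 0));
}
```

Without the `depth > MAX_NEST` check, the recursion depth of `der_walk` is controlled entirely by the input.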