Reply to post: Debian Security Announcement

Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat

Paul D Smyth

Debian Security Announcement

Is it absolutely impossible for these guys to just send out an announcement in plain English?

A memory leak flaw was found in the way an OpenSSL handled failed

session ticket integrity checks. A remote attacker could exhaust all

available memory of an SSL/TLS or DTLS server by sending a large number

of invalid session tickets to that server.

What? Where, what typical applications/scenarios might be affected? Real world examples? No wonder the Open Source world has such a bad rep amongst non geeks. Pure gobbledygook brought on by severe laziness and extreme arrogance.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019