![](https://seccdn.libravatar.org/avatar/b4047644c59f2d63b88e9464c02743fd.jpg?s=120&d=mm&r=g)
On 10/14/2014 3:41 PM, Cristian Rodríguez wrote:
El 14/10/14 a las #4, John Andersen escribió:
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_t...
The Register has learned that news of yet another security vulnerability - this time in SSL 3.0 - is probably imminent.
Maintainers have kept quiet about the vulnerability in the lead-up to a patch release, which is expected in in the late European evening, or not far from high noon Pacific Time.
It is just a practical SSL downgrade attack..not a library bug but a protocol error.
Its a little more complex than a downgrade attack, because it relies on both the ability to negotiate a downgrade AND a vulnerability is SSL 3.0. https://www.openssl.org/~bodo/ssl-poodle.pdf http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploi... -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org