OpenSSL has posted an updated advisory today indicating the fix for CVE-2012-2110 released on 19APR2012 was not sufficient to correct the ASN1 BIO vulnerability issue for OpenSSL version 0.9.8.
Please note thatthis latest issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0ialready contain a patch as released on the 19th sufficient to correct CVE-2012-2110.
Please upgrade to0.9.8w.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Please note thatthis latest issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0ialready contain a patch as released on the 19th sufficient to correct CVE-2012-2110.
Please upgrade to0.9.8w.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.