Red Hat Security Blog: June 2014 archives

  • OpenSSL Privilege Separation Analysis

    As part of the security response process, Red Hat Product Security looks at the information that we obtain in order to align future endeavors, such as source code auditing, to where problems occur in order to attempt to prevent repeats of previous issues. Private key isolation: When Heartbleed was first announced, a patch was proposed to store private keys in isolated memory, surrounded by an unreadable page. The idea was that the process would crash due to a segmentation violation before the...
    Posted 2014-06-18T13:30:11+00:00 - 0
  • OpenSSL MITM CCS injection attack (CVE-2014-0224)

    In the last few years, several serious security issues have been discovered in various cryptographic libraries. Though very few of them were actually exploited in the wild before details were made public and patches were shipped, important issues like Heartbleed have led developers, researchers, and users to take code sanity of these products seriously. Among the recent issues fixed by the OpenSSL project in version 1.0.1h, the main one that will have everyone talking is the "Man-in-the-middle...
    Posted 2014-06-05T12:29:11+00:00 - 3