A new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation.



From threatpost:
The most problematic of the vulnerabilities fixed in the new version is the one that enables the plaintext recovery attack, which was discovered by a pair of security researchers who found a way to extend the CBC padding oracle attack. The attack enables someone to exploit the problem with OpenSSL's DTLS implementation to recover the plaintext version of an encrypted message.
  New Version of OpenSSL Fixes Six Flaws