As announced earlier this week, the OpenSSL Project today released an update for the 1.1.0 branch to address several vulnerabilities, including a high severity denial-of-service (DoS) issue reported by a security expert at Google.
OpenSSL 1.1.0c fixes three vulnerabilities. The most serious of them, tracked as CVE-2016-7054, is a heap-based buffer overflow related to TLS connections using *-CHACHA20-POLY1305 cipher suites. Corrupting larger payloads can crash OpenSSL, resulting in a DoS condition.