Heartbleed 2.0? Not exactly, but more OpenSSL issues have been found
In the wake of the recent Heartbleed bug, another series of OpenSSL vulnerabilities has been found. Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs is not. However, if they are successfully exploited, there is potential for eavesdropping and traffic manipulation (CVE-2014-0224) as well as running arbitrary code on the vulnerable client or server (CVE-2014-0195).
The other vulnerabilities noted in the same advisory have been classified as CVE-2014-0221, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470.
For more details, please refer to https://www.openssl.org/news/secadv_20140605.txt.
As explained in the advisory, all vulnerabilities can be addressed by upgrading OpenSSL to the latest version.
Loadbalancer.org take security very seriously and will be issuing a patch shortly that addresses these issues. We recently released v7.6 and have just released v7.6.1, both of which include a series of updates that continue to focus on improving existing features and adding new ones, as well as constantly addressing any security issues if and when they are found.
Update: v7.6.2, which addresses these vulnerabilities, has been released and is available through the usual online/offline update feature.