The Apache Haus Forum

Forum Topics => News & General Discussion => Topic started by: Gregg on March 31, 2010, 03:07:37 AM

Title: "Record of death" or OpenSSL 0.9.8n update released
Post by: Gregg on March 31, 2010, 03:07:37 AM
Yes, that is what they are calling it and as quoted from OpenSSL's advisory;

In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. Affected versions depend on the C compiler used with OpenSSL

Since msdn tells me a short is 2 bytes, this would make the affected version
just 0.9.8m on the Windows platform.

Update packages can be downloaded from our Downloads page ( as always.