Jeffrey Altman wrote:
>>Jeffrey Altman wrote:
>>
>>>The answer to your questions is 'yes'. As I understand it, the
>>>patches were released as they are "for the time being" because it is
>>>better to crash your application then allow the attacker to compromise
>>>your computer.
>>>
>>>New patches
> Jeffrey Altman wrote:
> > The answer to your questions is 'yes'. As I understand it, the
> > patches were released as they are "for the time being" because it is
> > better to crash your application then allow the attacker to compromise
> > your computer.
> >
> > New patches will have to be re
Jeffrey Altman wrote:
> The answer to your questions is 'yes'. As I understand it, the
> patches were released as they are "for the time being" because it is
> better to crash your application then allow the attacker to compromise
> your computer.
>
> New patches will have to be released to prop
I submitted an analysis of the changes to be made shortly after the
patches were issued. I won't have time to try and work on patches
until the weekend. Perhaps someone from the OpenSSL team will beat me
to it.
>
> Thanks for the reply.
>
> Do you know when a full fix is to be expected?
>
>
Title: Question about the latest security patch - malicious usage
Hi all,
I'm sorry if this is a bit of a novice question.
I have noticed that in the latest security patch a lot of assertions have been added. If an assertion is not viable then "abort()" is called.
My q