Software update: OpenSSL 1.0.0a / 0.9.8o

OpenSSL is a well-known security program that offers encryption functions. It contains an implementation of the tls and ssl protocols, with which data can be sent and received encrypted. For more information, we refer you to this page. The developers have released new versions with 1.0.0a and 0.9.8o as the version designations. The corresponding list of changes looks like this:

Changes between 1.0.0 and 1.0.0a:

  • Check return value of int_rsa_verify in pkey_rsa_verifyrecover (CVE-2010-1633) [Steve Henson, Peter-Michael Hager]

Changes between 0.9.8n and 0.9.8o:

  • Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) [Steve Henson, Ronald Moesbergen]
  • Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. [Steve Henson]

Version number 1.0.0a / 0.9.8o
Release status Final
Operating systems Windows 7, Windows 2000, Linux, BSD, Windows XP, macOS, Solaris, UNIX, Windows Server 2003, Windows Vista, Windows Server 2008
Website OpenSSL
License type Conditions (GNU/BSD/etc.)