Subscribe to receive notifications of new posts:

New OpenSSL vulnerabilities: CloudFlare systems patched

06/05/2014

1 min read

The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today.

The most serious of these is a potential on-path attack CVE-2014-0224 which is being referred to as CCS Injection. Both Google's Adam Langley and the original reporter of the problem have write ups that give more technical detail.

We have applied the required patch to all CloudFlare servers and customers are protected against CVE-2014-0224 and all the other vulnerabilities announced today.

Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions today.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
OpenSSLVulnerabilitiesReliabilitySSL

Follow on X

Cloudflare|@cloudflare

Related posts

October 14, 2023 12:00 AM

Malicious “RedAlert - Rocket Alerts” application targets Israeli phone calls, SMS, and user information

On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team became aware of a malicious Google Android application impersonating the real-time rocket alert app, Red Alert, which provides real-time rocket alerts for Israeli citizens...