OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.
Updates available include:
OpenSSL 1.0.2b for 1.0.2 users
OpenSSL 1.0.1n for 1.0.1 users
OpenSSL 1.0.0s for 1.0.0d (and below) users
OpenSSL 0.9.8zg for 0.9.8r (and below) users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…