OpenSSL DTLS segmentation fault - 08 Jan 2015

Resolving the OpenSSL DTLS segmentation fault – 08 Jan 2015

An OpenSSL vulnerability identified on October 22^nd, 2014 by Markus Stenberg of Cisco Systems has recently been patched by OpenSSL. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer deference. For more information on this issue, please visit OpenSSL’s patch log located here: https://www.openssl.org/news/secadv_20150108.txt

Affected Users

All users with OpenSSL versions of 1.0.1, 1.0.0, and 0.9.8.

Severity

The severity has been deemed Moderate by OpenSSL. KRMC Enterprise customers that do not have their server communicate to the internet are not affected.

Resolution

The versions listed here have been tested to be secure..

1. Log onto the KRMC Server using administrator credentials
2. Go to OpenSSL's download page located here: http://openssl.org/source/ and download the following OpenSSL version depending on which one you're using. (Downloading newer versions will also remedy the issue)

• OpenSSL 1.0.01 should update to 1.0.1k
• OpenSSL 1.0.0 should update to 1.0.0p
• OpenSSL 0.9.8 should update to 0.9.8zd

3.  Launch the downloaded file.

Note: The installer may warn you that you need to install the Microsoft Visual C++ 2008 4, Redistributables. Select OK

4.  Press Next
5.  Select I accept the agreement
6.  Press Next
7.  Press Next for the destination location
8.  If it tells you the folder already exists, press Yes
9.  Press Next for the Start Menu Folder
10. Press Next for the additional tasks.
11. Press Install
12. Press Finish