The OpenSSL project has released a Security Advisory to address a vulnerability in OpenSSL. This vulnerability results from several incorrect checks of the result of the EVP_VerifyFinal function when performing signature checks on DSA and ECDSA keys used with SSL/TLS. As a result, a malformed signature could be treated as valid. Exploitation of this vulnerability may allow a remote attacker to bypass signature checks and conduct spoofing attacks.

US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply any vendor released updates for the OpenSSL package or upgrade to the newest version of the software as described in the OpenSSL advisory.

Read more: US-CERT Current Activity