Two patches have been released for flaws in the open-source security program that permit denial-of-service attacks that could cripple the Internet.

The group behind OpenSSL, a widely used open-source Web security program, released two patches for security flaws to block potential denial-of-service attacks, the organisation's developers said on Wednesday. The flaws affect more than Linux systems that have the software installed. They could also hobble many routers and network devices that incorporate the software. Cisco Systems released an advisory on Wednesday, saying its PIX firewall devices and some routers could be affected.
OpenSSL is an open implementation of Secure Sockets Layer (SSL) encryption, which is used by almost all Web browsers as a way to secure data that travels over the public Internet. The software also forms the basis of a popular component of the Apache Web server, which accounts for more than two-thirds of the servers on the Internet.

The flaws don't give an attacker the opportunity to take control of a computer or a device, but they do create the possibility for specially crafted data to crash the software. Such a denial-of-service attack could stop users from logging in to a server and prevent administrators from managing network devices. In some cases, the flaws will crash the device, causing wider network outages, according to several advisories.