Security Advisory: CVE-2015-1793 OpenSSL High Security Vulnerability (July 2015)

OpenSSL Security Advisory dated 9 Jul 2015
Alternative chains certificate forgery (CVE-2015-1793)
Severity: High

Affected OpenSSL versions:
1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o

Any application which verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

Verify with your vendor, supplier or partners if their systems are affected
e.g. Private keys for DigiCert SSL Certificates are not affected by this new vulnerability whereas a number of Cisco products are known to be vulnerable.