Security Advisory: CVE-2015-1793 OpenSSL High Security Vulnerability (July 2015)

OpenSSL Security Advisory dated 9 Jul 2015
Alternative chains certificate forgery (CVE-2015-1793)
Severity: High

Affected OpenSSL versions:
1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o

Impact:
Any application which verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

Note:
Verify with your vendor, supplier or partners if their systems are affected
e.g. Private keys for DigiCert SSL Certificates are not affected by this new vulnerability whereas a number of Cisco products are known to be vulnerable.