Copssh 4.7.1 has OpenSSL 1.0.1f containing security fixes against vulnerabilities CVE-2013-4353, CVE-2013-6450 and CVE-2013-6449:
CVE-2013-4353A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. Reported by Anton Johansson.CVE-2013-6450A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. This is not a vulnerability for OpenSSL prior to 1.0.0. Reported by Dmitry Sobinov.CVE-2013-6449A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. Reported by Ron Barber.
In addition, Cygwin and other tools are updated to their latest versions.
Existing customers can download the latest version from their customer pages at www.itefix.net