HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.
30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4
Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.
a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.
aae3e2a1d333eb054bbbacfd312875f79f591047aa6e4a71ea420ee9f8f26a54
FreeBSD Security Advisory - Multiple OpenSSL issues have been addressed. The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Various other issues have also been addressed.
b203a1f5bbe6d57d00f87b2c3bf3c8e5ce475ea36f8779f18a2ba89567d26437
HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.
35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ff
Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
764aee33222756a8c5691f00ba7d65d359debf2fd22c3e64127636ad640c0504
Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
75bc0be12a1079a05666977a741c31a6e9ce2f144a48b721d2d303d494747755
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
e6c1e38ce693c76a337bfee5d7931997488682a149dcc7351a58577e1f17db5b
Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).
4b5ba9dfa84b23a549dccdd763c181521186cfd1c85de543dddad5497811bba9
Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.
0c47d350a43e9ef06283b3a0d86eb7459ba8b68df64c0a7b9834987b823bc450
Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.
03bad2c5caba72992e90e3884ed995a197ef58b33d81447b1b69e27d4faf9d73
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
OpenSSL Security Advisory 20140806 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Other issues were also addressed.
2883e6b93580d6b479ec7deff02c94d30c4e29451dfc7278c3bc66db6f1c6795