Oval Definition:oval:com.ubuntu.trusty:def:20143569000
Revision Date:2014-12-24Version:1
Title:CVE-2014-3569 on Ubuntu 14.04 LTS (trusty) - low.
Description:The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-3569
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND Package Information
  • The 'openssl' package in trusty was vulnerable but has been fixed (note: '1.0.1f-1ubuntu2.8').
  • OR The 'openssl098' package in trusty is affected and needs fixing.
  • BACK