OVAL Reference oval:org.mitre.oval:def:27052 - CERT Civis.Net
Oval Definition: oval:org.mitre.oval:def:27052
Revision Date: 2014-11-24
Version: 3
Title: USN-2385-1 -- OpenSSL vulnerabilities
Description: It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513)

It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567)

In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2014-3513
CVE-2014-3567
USN-2385-1
Platform(s): Ubuntu 10.04
Ubuntu 12.04
Ubuntu 14.04
Product(s): openssl
Definition Synopsis
  • Ubuntu 14.04 release section
  • Ubuntu 14.04 is installed
  • AND libssl1.0.0 is earlier than 0:1.0.1f-1ubuntu2.7
  • Ubuntu 12.04 release section
  • Ubuntu 12.04 is installed
  • AND libssl1.0.0 is earlier than 0:1.0.1-4ubuntu5.20
  • Ubuntu 10.04 release section
  • Ubuntu 10.04 is installed
  • AND libssl0.9.8 is earlier than 0:0.9.8k-7ubuntu8.22