Revision Date: | 2014-11-24 | Version: | 3 |
Title: | USN-2385-1 -- OpenSSL vulnerabilities |
Description: | It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567) In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2014-3513 CVE-2014-3567 USN-2385-1
|
Platform(s): | Ubuntu 10.04 Ubuntu 12.04 Ubuntu 14.04
| Product(s): | openssl
|
Definition Synopsis |
Ubuntu 14.04 release section
Ubuntu 14.04 is installed
AND libssl1.0.0 is earlier than 0:1.0.1f-1ubuntu2.7
Ubuntu 12.04 release section
Ubuntu 12.04 is installed
AND libssl1.0.0 is earlier than 0:1.0.1-4ubuntu5.20
Ubuntu 10.04 release section
Ubuntu 10.04 is installed
AND libssl0.9.8 is earlier than 0:0.9.8k-7ubuntu8.22
|