openssl security update

🗓️ 13 Aug 2014 20:10:43Reported by CentOS ProjectType

centos

centos🔗 lists.centos.org👁 81 Views

OpenSSL toolkit security update due to multiple vulnerabilities including memory disclosure and arbitrary code executio

Reporter	Title	Published	Views	Family All 398
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect Lenovo SAN Volume Controller and Storwize Family (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM QRadar SIEM (CVE-2014-3567, CVE-2014-3568, CVE-2014-3508, CVE-2014-3511)	23 Feb 202217:02	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	Security Bulletins for IBM Tealeaf Customer Experience offerings	16 Jun 201819:35	–	ibm
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN Scalable Switch Firmware (CVE-2014-3508, CVE-2014-3509, CVE-2014-3511)	31 Jan 201901:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities disclosed by OpenSSL project on August 6, 2014 that impact DataPower (CVE-2014-3508 and CVE-2014-3511)	20 Mar 202001:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3509, CVE-2014-5139)	17 Jun 201822:31	–	ibm
IBM Security Bulletins	Security Bulletin: Rational RequisitePro affected by OpenSSL vulnerabilities: (CVE-2014-5139, CVE-2014-3509, CVE-2014-3511)	17 Jun 201804:59	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
CentOS	6	i686	openssl	1.0.1e-16.el6_5.15	openssl-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	i686	openssl-devel	1.0.1e-16.el6_5.15	openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	i686	openssl-perl	1.0.1e-16.el6_5.15	openssl-perl-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	i686	openssl-static	1.0.1e-16.el6_5.15	openssl-static-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	i686	openssl	1.0.1e-16.el6_5.15	openssl-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	x86_64	openssl	1.0.1e-16.el6_5.15	openssl-1.0.1e-16.el6_5.15.x86_64.rpm
CentOS	6	i686	openssl-devel	1.0.1e-16.el6_5.15	openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
CentOS	6	x86_64	openssl-devel	1.0.1e-16.el6_5.15	openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
CentOS	6	x86_64	openssl-perl	1.0.1e-16.el6_5.15	openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm
CentOS	6	x86_64	openssl-static	1.0.1e-16.el6_5.15	openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Source	Link
rhn	www.rhn.redhat.com/errata/RHSA-2014-1052.html
steadfast	www.steadfast.net/
twitter	www.twitter.com/centos
linkedin	www.linkedin.com/groups/22405
youtube	www.youtube.com/TheCentOSProject
facebook	www.facebook.com/groups/centosproject/
reddit	www.reddit.com/r/CentOS/

13 Aug 2014 20:25Current

6.7Medium risk

Vulners AI Score6.7

CVSS 26.8

EPSS0.66025

openssl security update vulnerabilities memory disclosure arbitrary code execution tls ssl dtls race condition nul-terminate handshake packets diffie-hellman