Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3053-1:A743E
HistoryOct 16, 2014 - 3:48 p.m.

[SECURITY] [DSA 3053-1] openssl security update

2014-10-1615:48:24
lists.debian.org
20

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.321 Low

EPSS

Percentile

97.0%

JSON

Debian Security Advisory DSA-3053-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
October 16, 2014 http://www.debian.org/security/faq

Package : openssl
CVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

Several vulnerabilities have been found in OpenSSL, the Secure Sockets
Layer library and toolkit.

CVE-2014-3513

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker
could send multiple specially crafted handshake messages to exhaust
all available memory of an SSL/TLS or DTLS server.

CVE-2014-3566 ("POODLE")

A flaw was found in the way SSL 3.0 handled padding bytes when
decrypting messages encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)
attacker to decrypt a selected byte of a cipher text in as few as 256
tries if they are able to force a victim application to repeatedly send
the same data over newly created SSL 3.0 connections. 

This update adds support for Fallback SCSV to mitigate this issue.

CVE-2014-3567

A memory leak flaw was found in the way an OpenSSL handled failed
session ticket integrity checks. A remote attacker could exhaust all
available memory of an SSL/TLS or DTLS server by sending a large number
of invalid session tickets to that server.

CVE-2014-3568

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.

For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u13.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.1j-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7sparcopenssl< 1.0.1e-2+deb7u13openssl_1.0.1e-2+deb7u13_sparc.deb
Debian7mipsellibcrypto1.0.0-udeb< 1.0.1e-2+deb7u13libcrypto1.0.0-udeb_1.0.1e-2+deb7u13_mipsel.deb
Debian7ia64openssl< 1.0.1e-2+deb7u13openssl_1.0.1e-2+deb7u13_ia64.deb
Debian7s390libssl-dev< 1.0.1e-2+deb7u13libssl-dev_1.0.1e-2+deb7u13_s390.deb
Debian7kfreebsd-i386libssl1.0.0-dbg< 1.0.1e-2+deb7u13libssl1.0.0-dbg_1.0.1e-2+deb7u13_kfreebsd-i386.deb
Debian7kfreebsd-i386libssl1.0.0< 1.0.1e-2+deb7u13libssl1.0.0_1.0.1e-2+deb7u13_kfreebsd-i386.deb
Debian7s390xlibssl1.0.0< 1.0.1e-2+deb7u13libssl1.0.0_1.0.1e-2+deb7u13_s390x.deb
Debian7armellibssl1.0.0< 1.0.1e-2+deb7u13libssl1.0.0_1.0.1e-2+deb7u13_armel.deb
Debian7kfreebsd-i386openssl< 1.0.1e-2+deb7u13openssl_1.0.1e-2+deb7u13_kfreebsd-i386.deb
Debian7amd64libssl-dev< 1.0.1e-2+deb7u13libssl-dev_1.0.1e-2+deb7u13_amd64.deb
Rows per page:
1-10 of 781

Related

ibm 70
suse 7
nessus 40
openvas 24
freebsd 1
slackware 1
freebsd_advisory 1
securityvulns 4
archlinux 1
kaspersky 2
osv 2
amazon 1
aix 1
mageia 1
centos 1
redhat 2
debian 1
ubuntu 1
vmware 2
f5 6
veracode 4
checkpoint_advisories 2
ubuntucve 3
cve 3
openssl 3
prion 3
altlinux 5
debiancve 3
fedora 4
ibm
ibm
Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Security Infrastructure appliances (CVE-2014-3566)
2022-02-23 19:48:26
Security Bulletin: IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in SSLv3 and OpenSSL
2019-10-18 03:50:04
Security Bulletin: Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568)
2023-02-28 01:12:10
suse
suse
Security update for openssl1 (important)
2014-11-04 23:04:45
update for openssl (important)
2014-10-29 16:05:00
Security update for OpenSSL (important)
2014-11-11 00:05:06
nessus
nessus
VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)
2015-02-03 00:00:00
Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)
2015-01-19 00:00:00
Debian DSA-3053-1 : openssl - security update (POODLE)
2014-10-17 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3053-1)
2014-10-15 00:00:00
Slackware: Security Advisory (SSA:2014-288-01)
2022-04-21 00:00:00
openSUSE: Security Advisory for update (openSUSE-SU-2014:1331-1)
2014-10-30 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-10-15 00:00:00
slackware
slackware
[slackware-security] openssl
2014-10-15 17:58:22
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:23.openssl
2014-10-21 00:00:00
securityvulns
securityvulns
[slackware-security] openssl &#40;SSA:2014-288-01&#41;
2014-10-17 00:00:00
OpenSSL multiple security vulnerabilities
2014-12-09 00:00:00
APPLE-SA-2015-09-16-2 Xcode 7.0
2015-10-05 00:00:00
archlinux
archlinux
openssl: denial of service / man-in-the-middle / poodle mitigation
2014-10-16 00:00:00
kaspersky
kaspersky
KLA10359 Vulnerability in Tableau
2014-07-18 00:00:00
KLA10452 Multiple vulnerabilities in VMware products
2015-01-27 00:00:00
osv
osv
openssl - security update
2014-10-16 00:00:00
openssl - security update
2014-11-01 00:00:00
amazon
amazon
Important: openssl
2014-10-15 16:14:00
aix
aix
AIX OpenSSL Denial of Service due to memory leak in DTLS / AIX OpenSSL Patch to mitigate CVE-2014-3566 / AIX OpenSSL Denial of Service due to memory consumption
2014-10-29 04:58:52
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-10-23 17:27:57
centos
centos
openssl security update
2014-10-16 16:22:42
redhat
redhat
(RHSA-2014:1692) Important: openssl security update
2014-10-22 00:00:00
(RHSA-2014:1652) Important: openssl security update
2014-10-16 00:00:00
debian
debian
[SECURITY] [DLA 81-1] openssl security update
2014-11-01 15:49:46
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-10-16 00:00:00
vmware
vmware
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
2015-01-27 00:00:00
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
2015-01-27 00:00:00
f5
f5
K15722 : OpenSSL DTLS SRTP Memory Leak CVE-2014-3513
2015-09-16 00:00:00
SOL15724 - OpenSSL vulnerability CVE-2014-3568
2014-10-23 00:00:00
SOL15722 - OpenSSL DTLS SRTP Memory Leak CVE-2014-3513
2014-10-23 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Memory Consumption
2019-01-15 09:02:31
Denial Of Service (DoS) Through Memory Consumption
2017-02-07 00:45:14
Access Restriction Bypass
2017-02-06 08:45:07
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS SRTP Extension Parsing Denial of Service (CVE-2014-3513)
2015-02-01 00:00:00
OpenSSL Invalid Session Ticket Denial of Service (CVE-2014-3567)
2014-11-03 00:00:00
ubuntucve
ubuntucve
CVE-2014-3513
2014-10-15 00:00:00
CVE-2014-3568
2014-10-19 00:00:00
CVE-2014-3567
2014-10-15 00:00:00
cve
cve
CVE-2014-3513
2014-10-19 01:55:00
CVE-2014-3568
2014-10-19 01:55:00
CVE-2014-3567
2014-10-19 01:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3513
2014-10-15 00:00:00
Vulnerability in OpenSSL CVE-2014-3568
2014-10-15 00:00:00
Vulnerability in OpenSSL CVE-2014-3567
2014-10-15 00:00:00
prion
prion
Design/Logic Flaw
2014-10-19 01:55:00
Memory corruption
2014-10-19 01:55:00
Memory corruption
2014-10-19 01:55:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
debiancve
debiancve
CVE-2014-3513
2014-10-19 01:55:00
CVE-2014-3568
2014-10-19 01:55:00
CVE-2014-3567
2014-10-19 01:55:00
fedora
fedora
[SECURITY] Fedora 19 Update: libetpan-1.6-1.fc19
2015-01-05 07:36:19
[SECURITY] Fedora 22 Update: fossil-1.33-1.fc22
2015-10-15 03:51:23
[SECURITY] Fedora 21 Update: subscription-manager-1.13.6-1.fc21
2014-11-10 06:34:40

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.321 Low

EPSS

Percentile

97.0%

JSON
Related for DEBIAN:DSA-3053-1:A743E
ibm70suse7nessus40openvas24freebsd1slackware1freebsd_advisory1securityvulns4archlinux1kaspersky2osv2amazon1aix1mageia1centos1redhat2debian1ubuntu1vmware2f56veracode4checkpoint_advisories2ubuntucve3cve3openssl3prion3altlinux5debiancve3fedora4