Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201412-39
HistoryDec 26, 2014 - 12:00 a.m.

OpenSSL: Multiple vulnerabilities

2014-12-2600:00:00
Gentoo Foundation
security.gentoo.org
22

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.947 High

EPSS

Percentile

99.2%

JSON

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl< 1.0.1jUNKNOWN

Related

nessus 52
openvas 38
ibm 64
altlinux 5
freebsd 2
mageia 1
aix 1
amazon 2
osv 2
debian 4
slackware 2
huawei 1
ubuntu 1
securityvulns 3
kaspersky 2
freebsd_advisory 2
redhat 3
oraclelinux 2
centos 1
f5 2
fedora 5
suse 3
archlinux 1
nessus
nessus
GLSA-201412-39 : OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)
2015-01-19 00:00:00
Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE)
2015-03-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-39
2015-09-29 00:00:00
Debian Security Advisory DSA 2998-1 (openssl - security update)
2014-08-07 00:00:00
Slackware: Security Advisory (SSA:2014-220-01)
2022-04-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Platform Software
2019-10-18 03:10:29
Security Bulletin: Vulnerability in SSLv3 Affects Power Hardware Management Console (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-
2021-09-23 01:31:39
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server and IBM Tivoli Monitoring shipped with IBM Tivoli Network Manager (CVE-2014-3566, CVE-2014-3513, CVE-2014-3567,CVE-2014-3568 and August 6th 2014)
2018-06-17 14:48:04
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
OpenSSL -- multiple vulnerabilities
2014-10-15 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
Important: openssl
2014-10-15 16:14:00
osv
osv
openssl - security update
2014-08-07 00:00:00
openssl - security update
2014-10-16 00:00:00
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
[DLA 33-1] openssl security update
2014-08-07 20:36:09
[SECURITY] [DSA 3053-1] openssl security update
2014-10-16 15:48:24
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
[slackware-security] openssl
2014-10-15 17:58:22
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
[slackware-security] openssl &#40;SSA:2014-288-01&#41;
2014-10-17 00:00:00
[SECURITY] [DSA 2833-1] openssl security update
2014-01-08 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
KLA10359 Vulnerability in Tableau
2014-07-18 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
FreeBSD-SA-14:23.openssl
2014-10-21 00:00:00
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
f5
f5
K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2015-09-15 00:00:00
SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2014-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: openssl-1.0.1e-40.fc19
2014-10-19 13:22:31
[SECURITY] Fedora 20 Update: openssl-1.0.1e-40.fc20
2014-10-18 16:57:46
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
suse
suse
Security update for openssl1 (important)
2014-11-04 23:04:45
update for openssl (important)
2014-10-29 16:05:00
Security update for OpenSSL (important)
2014-11-11 00:05:06
archlinux
archlinux
openssl: denial of service / man-in-the-middle / poodle mitigation
2014-10-16 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.947 High

EPSS

Percentile

99.2%

JSON
Related for GLSA-201412-39
nessus52openvas38ibm64altlinux5freebsd2mageia1aix1amazon2osv2debian4slackware2huawei1ubuntu1securityvulns3kaspersky2freebsd_advisory2redhat3oraclelinux2centos1f52fedora5suse3archlinux1