Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2950-1
HistoryJun 05, 2014 - 12:00 a.m.

openssl - security update

2014-06-0500:00:00
Google
osv.dev
36

EPSS

0.973

Percentile

99.9%

JSON

Multiple vulnerabilities have been discovered in OpenSSL:

  • CVE-2014-0195
    Jueri Aedla discovered that a buffer overflow in processing DTLS
    fragments could lead to the execution of arbitrary code or denial
    of service.
  • CVE-2014-0221
    Imre Rad discovered the processing of DTLS hello packets is
    susceptible to denial of service.
  • CVE-2014-0224
    KIKUCHI Masashi discovered that carefully crafted handshakes can
    force the use of weak keys, resulting in potential man-in-the-middle
    attacks.
  • CVE-2014-3470
    Felix Groebert and Ivan Fratric discovered that the implementation of
    anonymous ECDH ciphersuites is suspectible to denial of service.

Additional information can be found at
<http://www.openssl.org/news/secadv_20140605.txt&gt;

For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u10. All applications linked to openssl need to
be restarted. You can use the tool checkrestart from the package
debian-goodies to detect affected programs or reboot your system. There’s
also a forthcoming security update for the Linux kernel later the day
(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn’t it?

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your openssl packages.

Related

debian 4
openvas 36
nessus 82
ubuntu 4
mageia 1
ibm 39
freebsd_advisory 1
suse 6
freebsd 1
securityvulns 2
aix 1
osv 1
oraclelinux 2
gentoo 1
vmware 2
thn 1
redhat 3
centos 1
slackware 1
amazon 1
cisco 1
intel 1
fortinet 1
chrome 1
huawei 1
fedora 2
kaspersky 1
ics 1
debian
debian
[SECURITY] [DSA 2950-1] openssl security update
2014-06-05 11:51:34
[SECURITY] [DSA 2950-2] openssl update
2014-06-16 18:21:12
openssl security update
2014-06-05 19:36:04
openvas
openvas
Debian: Security Advisory (DSA-2950-1)
2014-06-04 00:00:00
Debian Security Advisory DSA 2950-1 (openssl - security update)
2014-06-05 00:00:00
Ubuntu: Security Advisory (USN-2232-4)
2014-08-19 00:00:00
nessus
nessus
Debian DSA-2950-1 : openssl - security update
2014-06-06 00:00:00
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2232-1)
2014-06-06 00:00:00
pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )
2018-03-21 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-06-05 00:00:00
OpenSSL regression
2014-06-12 00:00:00
OpenSSL regression
2014-06-23 00:00:00
mageia
mageia
Updated openssl packages fix multiple vulnerabilties
2014-06-06 14:31:01
ibm
ibm
Security Bulletin: IBM Tivoli Network Manager IP Edition V39 Fix Pack 4 HTTPS support for Perl Collector install is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)
2018-06-17 14:42:56
Security Bulletin: Tivoli Workload Scheduler is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470
2018-06-17 14:44:05
Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)
2018-06-17 14:42:46
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:14.openssl
2014-06-05 00:00:00
suse
suse
update to version 1.0.0m (critical)
2014-06-06 12:04:17
openssl: update to version 1.0.1h (critical)
2014-06-06 11:04:41
Security update for OpenSSL 1.0 (critical)
2014-06-06 09:04:15
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-06-05 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-06-06 00:00:00
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
2014-08-26 00:00:00
aix
aix
AIX OpenSSL Vulnerabilities (Multiple CVEs)
2014-06-11 06:39:27
osv
osv
openssl - security update
2014-06-05 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-07-23 00:00:00
openssl security update
2014-06-05 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-07-27 00:00:00
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-06-10 00:00:00
VMware product updates address OpenSSL security vulnerabilities
2014-06-10 00:00:00
thn
thn
OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs
2014-06-05 05:49:00
redhat
redhat
(RHSA-2014:0628) Important: openssl security update
2014-06-05 00:00:00
(RHSA-2014:0679) Important: openssl security update
2014-06-10 00:00:00
(RHSA-2014:0625) Important: openssl security update
2014-06-05 00:00:00
centos
centos
openssl security update
2014-06-05 13:06:47
slackware
slackware
[slackware-security] openssl
2014-06-06 05:27:11
amazon
amazon
Important: openssl
2014-06-04 15:45:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
2014-06-05 22:40:00
intel
intel
Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x
2014-08-26 00:00:00
fortinet
fortinet
Multiple Vulnerabilities in OpenSSL
2014-06-06 00:00:00
chrome
chrome
Stable Channel Update for Chrome OS
2014-06-10 00:00:00
huawei
huawei
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products
2014-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: openssl-1.0.1e-38.fc19
2014-06-05 21:54:15
[SECURITY] Fedora 20 Update: openssl-1.0.1e-38.fc20
2014-06-05 21:55:11
kaspersky
kaspersky
KLA10382 Multiple vulnerabilities in VMware
2014-06-10 00:00:00
ics
ics
Siemens OpenSSL Vulnerabilities (Update G)
2018-08-29 12:00:00

EPSS

0.973

Percentile

99.9%

JSON
Related for OSV:DSA-2950-1
debian4openvas36nessus82ubuntu4mageia1ibm39freebsd_advisory1suse6freebsd1securityvulns2aix1osv1oraclelinux2gentoo1vmware2thn1redhat3centos1slackware1amazon1cisco1intel1fortinet1chrome1huawei1fedora2kaspersky1ics1