rhsa-2014_0628
Vulnerability from csaf_redhat
Published
2014-06-05 12:12
Modified
2024-11-22 08:21
Summary
Red Hat Security Advisory: openssl security update

Notes

Topic
Updated openssl packages that fix multiple security issues are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Storage 2.1.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0628",
        "url": "https://access.redhat.com/errata/RHSA-2014:0628"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/articles/904433",
        "url": "https://access.redhat.com/site/articles/904433"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/solutions/906703",
        "url": "https://access.redhat.com/site/solutions/906703"
      },
      {
        "category": "external",
        "summary": "1087195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087195"
      },
      {
        "category": "external",
        "summary": "1093837",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
      },
      {
        "category": "external",
        "summary": "1103586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
      },
      {
        "category": "external",
        "summary": "1103593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
      },
      {
        "category": "external",
        "summary": "1103598",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
      },
      {
        "category": "external",
        "summary": "1103600",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0628.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update",
    "tracking": {
      "current_release_date": "2024-11-22T08:21:18+00:00",
      "generator": {
        "date": "2024-11-22T08:21:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0628",
      "initial_release_date": "2014-06-05T12:12:30+00:00",
      "revision_history": [
        {
          "date": "2014-06-05T12:12:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-06-05T12:12:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T08:21:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Storage Server 2.1",
                "product": {
                  "name": "Red Hat Storage Server 2.1",
                  "product_id": "6Server-RHS-6.4.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:2.1:server:el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Gluster Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
                "product": {
                  "name": "openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_id": "openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-16.el6_5.14?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-static-0:1.0.1e-16.el6_5.14.x86_64",
                "product": {
                  "name": "openssl-static-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_id": "openssl-static-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.1e-16.el6_5.14?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
                "product": {
                  "name": "openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_id": "openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-16.el6_5.14?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-0:1.0.1e-16.el6_5.14.x86_64",
                "product": {
                  "name": "openssl-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_id": "openssl-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.1e-16.el6_5.14?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
                "product": {
                  "name": "openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_id": "openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-16.el6_5.14?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-0:1.0.1e-16.el6_5.14.src",
                "product": {
                  "name": "openssl-0:1.0.1e-16.el6_5.14.src",
                  "product_id": "openssl-0:1.0.1e-16.el6_5.14.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.1e-16.el6_5.14?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-0:1.0.1e-16.el6_5.14.src as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src"
        },
        "product_reference": "openssl-0:1.0.1e-16.el6_5.14.src",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-0:1.0.1e-16.el6_5.14.x86_64 as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64"
        },
        "product_reference": "openssl-0:1.0.1e-16.el6_5.14.x86_64",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64 as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64"
        },
        "product_reference": "openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-0:1.0.1e-16.el6_5.14.x86_64 as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64"
        },
        "product_reference": "openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-0:1.0.1e-16.el6_5.14.x86_64 as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64"
        },
        "product_reference": "openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-0:1.0.1e-16.el6_5.14.x86_64 as a component of Red Hat Storage Server 2.1",
          "product_id": "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        },
        "product_reference": "openssl-static-0:1.0.1e-16.el6_5.14.x86_64",
        "relates_to_product_reference": "6Server-RHS-6.4.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-5298",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2014-04-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1087195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: freelist misuse causing a possible use-after-free",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-5298"
        },
        {
          "category": "external",
          "summary": "RHBZ#1087195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-5298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-5298"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-5298",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-5298"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: freelist misuse causing a possible use-after-free"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenSSL project"
          ]
        },
        {
          "names": [
            "J\u00fcri Aedla"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0195",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2014-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1103598"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Buffer overflow via DTLS invalid fragment",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0195"
        },
        {
          "category": "external",
          "summary": "RHBZ#1103598",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0195"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-06-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssl: Buffer overflow via DTLS invalid fragment"
    },
    {
      "cve": "CVE-2014-0198",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2014-05-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1093837"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0198"
        },
        {
          "category": "external",
          "summary": "RHBZ#1093837",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0198",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0198"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenSSL project"
          ]
        },
        {
          "names": [
            "Imre Rad"
          ],
          "organization": "Search-Lab",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0221",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2014-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1103593"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: DoS when sending invalid DTLS handshake",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0221"
        },
        {
          "category": "external",
          "summary": "RHBZ#1103593",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-06-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: DoS when sending invalid DTLS handshake"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenSSL project"
          ]
        },
        {
          "names": [
            "KIKUCHI Masashi"
          ],
          "organization": "Lepidum",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-0224",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2014-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1103586"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: SSL/TLS MITM vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0224"
        },
        {
          "category": "external",
          "summary": "RHBZ#1103586",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
        },
        {
          "category": "external",
          "summary": "RHSB-OpenSSL-CCS-Injection",
          "url": "https://access.redhat.com/security/vulnerabilities/OpenSSL-CCS-Injection"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0224",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/site/articles/904433",
          "url": "https://access.redhat.com/site/articles/904433"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/site/solutions/905793",
          "url": "https://access.redhat.com/site/solutions/905793"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-06-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssl: SSL/TLS MITM vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenSSL project"
          ]
        },
        {
          "names": [
            "Felix Gr\u00f6bert"
          ],
          "summary": "Acknowledged by upstream."
        },
        {
          "names": [
            "Ivan Fratri\u0107"
          ],
          "organization": "Google",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2014-3470",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2014-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1103600"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: client-side denial of service when using anonymous ECDH",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the openssl098e as shipped with Red Hat Enterprise Linux 6.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
          "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
          "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-3470"
        },
        {
          "category": "external",
          "summary": "RHBZ#1103600",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3470",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3470"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv_20140605.txt",
          "url": "https://www.openssl.org/news/secadv_20140605.txt"
        }
      ],
      "release_date": "2014-06-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-05T12:12:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0628"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.src",
            "6Server-RHS-6.4.z:openssl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-debuginfo-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-devel-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-perl-0:1.0.1e-16.el6_5.14.x86_64",
            "6Server-RHS-6.4.z:openssl-static-0:1.0.1e-16.el6_5.14.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: client-side denial of service when using anonymous ECDH"
    }
  ]
}

