USN-2165-1: OpenSSL vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | March 25, 2014 | April 08, 2014 | July 04, 2017 |
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
- BID-66363
- BID-66690
- CERT-TA14-098A
- CERT-VN-720951
- CVE-2014-0076
- CVE-2014-0160
- DEBIAN-DSA-2896
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0033046
- DISA_VMSKEY-V0052625
- DISA_VMSKEY-V0053201
- DISA_VMSKEY-V0060737
- IAVM-2012-A-0104
- IAVM-2014-A-0100
- IAVM-2014-B-0077
- IAVM-2015-A-0113
- REDHAT-RHSA-2014:0376
- REDHAT-RHSA-2014:0377
- REDHAT-RHSA-2014:0378
- REDHAT-RHSA-2014:0396
- SUSE-SUSE-SA:2014:002
- USN-USN-2165-1
Solution
ubuntu-upgrade-libssl1-0-0
Related Vulnerabilities
- F5 Networks: K15159 (CVE-2014-0160): OpenSSL vulnerability CVE-2014-0160
- RHSA-2014:0376: openssl security update
- Juniper Junos OS: ECDSA nonce disclosure using side-channel attack (JSA10629) (CVE-2014-0076)
- VMware Workstation: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)
- VMware Workstation: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0076)
- Gentoo Linux: CVE-2014-0160: AMD64 x86 emulation base libraries: Multiple vulnerabilities
- HP Systems Insight Manager - (Multiple Advisories) (CVE-2014-0160): Bundled Software running OpenSSL, Remote Disclosure of Information
- HP System Management Homepage - HPSBMU02998 (CVE-2014-0160): OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- OpenSSL Heartbleed Vulnerability (CVE-2014-0160)
- VMware Player: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)
- VMSA-2014-0004: Information Disclosure vulnerability in OpenSSL third party library (CVE-2014-0160)
- FreeBSD: OpenSSL -- Local Information Disclosure (FreeBSD-SA-14:06.openssl) (CVE-2014-0076)
- HP Systems Insight Manager - HPSBMU03076 (CVE-2014-0076): Linux and Windows running OpenSSL, Multiple Vulnerabilities
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- RHSA-2014:0396: rhev-hypervisor6 security update
- HP iLO: CVE-2014-0160: Denial of Service.
- HP System Management Homepage - HPSBMU03051 (CVE-2014-0076): OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- SUSE: CVE-2014-0076: SUSE Linux Security Advisory
- VMSA-2014-0004: Information Disclosure vulnerability in OpenSSL third party library (CVE-2014-0076)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- RHSA-2014:0378: rhev-hypervisor6 security update
- OpenSSL vulnerability (CVE-2014-0076)
- Google Android Vulnerability: CVE-2014-0160
- OS X update for Note: (CVE-2014-0076)
- IBM HTTP Server: CVE-2014-0076: Local side-channel attack on ECDSA (GSKit upgrade)
- RHSA-2014:0416: rhevm-spice-client security update
- SUSE: CVE-2014-0160: SUSE Linux Security Advisory
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- FreeBSD: OpenSSL -- Remote Information Disclosure (FreeBSD-SA-14:06.openssl) (CVE-2014-0160)
- Oracle Linux: CVE-2014-0160: ELSA-2016-3558 - openssl security update
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- DSA-2908-1 openssl -- security update
- Oracle Solaris 11: CVE-2014-0076: Vulnerability in OpenSSL
- HP-UX: CVE-2014-0076: Remote Denial of Service (DoS)
- VMware Player: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0076)
- Cent OS: CVE-2014-0160: CESA-2014:0376 (openssl)
- OS X update for OpenSSL (CVE-2014-0076)
- VMware Fusion: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0076)
- Gentoo Linux: CVE-2014-0076: OpenSSL: Information Disclosure
- ELSA-2014-0376 Important: Oracle Linux openssl security update
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-320) (multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- DSA-2896-1 openssl -- security update
- Juniper Junos OS: 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (JSA10623) (CVE-2014-0160)
- Oracle Solaris 11: CVE-2014-0160: Vulnerability in OpenSSL
- VMware Fusion: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)
- Cisco IOS: cisco-sa-20140605-openssl: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products