CVE-2014-3571
published 2015-01-09CVE-2014-3571: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and…
PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
22.96%
97.5th percentile
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1k-1 (bookworm) | openssl 1.0.1k-1 (bookworm) |
| openssl | openssl | <= 0.9.8zc | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_cisco5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hrxr-3c76-p924: OpenSSL before 0
ghsa_unreviewed·2022-05-17
CVE-2014-3571 [MEDIUM] GHSA-hrxr-3c76-p924: OpenSSL before 0
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
OSV
openssl vulnerabilities
osv·2015-01-12·CVSS 5.0
CVE-2014-3570 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick certain applications that
rely on the uniqueness of fingerprints.
OSV
CVE-2014-3571: OpenSSL before 0
osv·2015-01-09·CVSS 5.0
CVE-2014-3571 [MEDIUM] CVE-2014-3571: OpenSSL before 0
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco·2015-03-10·CVSS 5.0
CVE-2014-3569 [MEDIUM] CWE-20 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability
CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability
CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability
CVE-2014-3572: OpenSSL Elliptic Curve Crypt
BSD
FreeBSD-SA-15:01.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2015-01-14·CVSS 5.0
CVE-2014-3569 [MEDIUM] FreeBSD-SA-15:01.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-15:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2015-01-14
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the f
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2015-01-12·CVSS 5.0
CVE-2014-3570 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick c
Red Hat
openssl: DTLS segmentation fault in dtls1_get_record
vendor_redhat·2015-01-08·CVSS 5.0
CVE-2014-3571 [MEDIUM] openssl: DTLS segmentation fault in dtls1_get_record
openssl: DTLS segmentation fault in dtls1_get_record
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.
Statement: This issue does not affect the version of openssl097a as shipped with Red Hat Enterprise Linux 5. This issue affects the version of openssl098e as
Debian
CVE-2014-3571: openssl - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remo...
vendor_debian·2014·CVSS 5.0
CVE-2014-3571 [MEDIUM] CVE-2014-3571: openssl - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remo...
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
Scope: local
bookworm: resolved (fixed in 1.0.1k-1)
bullseye: resolved (fixed in 1.0.1k-1)
forky: resolved (fixed in 1.0.1k-1)
sid: resolved (fixed in 1.0.1k-1)
trixie: resolved (fixed in 1.0.1k-1)
Apple
CVE-2014-3571: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 5.0
CVE-2014-3571 [MEDIUM] CVE-2014-3571: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-3571
Component: CVE-2014-3571
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2014-8275 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2014-8275: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2015-0204 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2015-0204: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2014-3570 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2014-3570: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2014-3572 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2014-3572: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2015-0205 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2015-0205: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2014-3569 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2014-3569: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2014-3571 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2014-3571: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco
CVE-2015-0206 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
CVE-2015-0206: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Ellipti
No detection rules found.
No public exploits indexed.
Tenable
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
blogs_tenable·2017-01-31
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2014-3570 CVE-2014-3571 CVE-2015-0205 CVE-2015-0206 openssl: various flaws [fedora-all]
bugzilla·2015-01-12·CVSS 5.0
CVE-2014-3570 [MEDIUM] CVE-2014-3570 CVE-2014-3571 CVE-2015-0205 CVE-2015-0206 openssl: various flaws [fedora-all]
CVE-2014-3570 CVE-2014-3571 CVE-2015-0205 CVE-2015-0206 openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supporte
Bugzilla
CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
bugzilla·2015-01-08·CVSS 5.0
CVE-2014-3571 [MEDIUM] CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
OpenSSL released security advisory [1] which fixes the below issue:
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
[1]: https://www.openssl.org/news/secadv_20150108.txt
Discussion:
Upstream commits that look to fix the problem:
https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b
https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d
External References:
https://www.openssl.org/news/secadv_20150108.txt
---
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1181013]
---
openssl-1.0.1k-1.fc21 has been pushed to the Fedora 21 st
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=142496179803395&w=2http://marc.info/?l=bugtraq&m=142496289803847&w=2http://marc.info/?l=bugtraq&m=142721102728110&w=2http://marc.info/?l=bugtraq&m=142895206924048&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=144050205101530&w=2http://marc.info/?l=bugtraq&m=144050254401665&w=2http://marc.info/?l=bugtraq&m=144050297101809&w=2http://rhn.redhat.com/errata/RHSA-2015-0066.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslhttp://www.debian.org/security/2015/dsa-3125http://www.mandriva.com/security/advisories?name=MDVSA-2015:019http://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.securityfocus.com/bid/71937http://www.securitytracker.com/id/1033378https://bto.bluecoat.com/security-advisory/sa88https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652bhttps://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785dhttps://kc.mcafee.com/corporate/index?page=content&id=SB10102https://kc.mcafee.com/corporate/index?page=content&id=SB10108https://support.apple.com/HT204659https://www.openssl.org/news/secadv_20150108.txthttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=142496179803395&w=2http://marc.info/?l=bugtraq&m=142496289803847&w=2http://marc.info/?l=bugtraq&m=142721102728110&w=2http://marc.info/?l=bugtraq&m=142895206924048&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=144050205101530&w=2http://marc.info/?l=bugtraq&m=144050254401665&w=2http://marc.info/?l=bugtraq&m=144050297101809&w=2http://rhn.redhat.com/errata/RHSA-2015-0066.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslhttp://www.debian.org/security/2015/dsa-3125http://www.mandriva.com/security/advisories?name=MDVSA-2015:019http://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.securityfocus.com/bid/71937http://www.securitytracker.com/id/1033378https://bto.bluecoat.com/security-advisory/sa88https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652bhttps://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785dhttps://kc.mcafee.com/corporate/index?page=content&id=SB10102https://kc.mcafee.com/corporate/index?page=content&id=SB10108https://support.apple.com/HT204659https://www.openssl.org/news/secadv_20150108.txt
2015-01-09
Published