CVE-2015-1791
published 2015-06-12CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2…
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
15.97%
96.5th percentile
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Affected
46 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.2b-1 (bookworm) | openssl 1.0.2b-1 (bookworm) |
| openssl | openssl | <= 0.9.8zf | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_cisco7.8HIGH
vendor_ubuntu7.5HIGH
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f894-wgvp-qh5g: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt
ghsa_unreviewed·2022-05-13
CVE-2015-1791 [MEDIUM] CWE-362 GHSA-f894-wgvp-qh5g: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
OSV
CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt
osv·2015-06-12·CVSS 6.8
CVE-2015-1791 [MEDIUM] CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
OSV
openssl vulnerabilities
osv·2015-06-11·CVSS 7.5
CVE-2014-8176 [HIGH] openssl vulnerabilities
openssl vulnerabilities
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that
OpenSSL incorrectly handled memory when buffering DTLS data. A remote
attacker could use this issue to cause OpenSSL to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed
ECParameters structures. A remote attacker could use this issue to cause
OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)
Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled
certain ASN1_TIME strings. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)
Michal Zalewski discovered that OpenSSL incorrectly handle
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Palo Alto
PAN-SA-2016-0028 OpenSSL Vulnerabilities
vendor_paloalto·2016-10-18·CVSS 7.5
CVE-2015-4000 [HIGH] CWE-119 PAN-SA-2016-0028 OpenSSL Vulnerabilities
PAN-SA-2016-0028 OpenSSL Vulnerabilities
The OpenSSL library has been found to contain several vulnerabilities CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-48954/81411) The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to moderate but have not been shown to be exploitable at the time of this advisory. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier CVE CVSS Summary CVE-2014-8176 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P The dtls1_clear_queues function in ssl/d1_lib.c in OpenSS
Palo Alto
PAN-SA-2016-0020 OpenSSL Vulnerabilities
vendor_paloalto·2016-08-15·CVSS 7.5
CVE-2014-8176 [HIGH] CWE-119 PAN-SA-2016-0020 OpenSSL Vulnerabilities
PAN-SA-2016-0020 OpenSSL Vulnerabilities
The OpenSSL library has been found to contain several vulnerabilities CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1794, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842. Palo Alto Networks software makes use of the vulnerable library. (Ref # 95622). The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to high but, have not been shown to be exploitable at the time of this advisory. This issue affects PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earl
Cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
vendor_cisco·2015-06-12·CVSS 7.8
CVE-2014-8176 [HIGH] CWE-119 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.
This advisory will be updated as additional information becomes available.
Cisco will release software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities may be available.
This advisory is available at the followi
BSD
FreeBSD-SA-15:10.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2015-06-12·CVSS 4.3
CVE-2014-8176 [MEDIUM] FreeBSD-SA-15:10.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-15:10.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2015-06-12
Affects: All supported versions of FreeBSD.
Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)
2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)
2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)
2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)
2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)
2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)
CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791
CVE-2015-1792, CVE-2015-4000
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Backg
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2015-06-11·CVSS 7.5
CVE-2014-8176 [HIGH] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that
OpenSSL incorrectly handled memory when buffering DTLS data. A remote
attacker could use this issue to cause OpenSSL to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed
ECParameters structures. A remote attacker could use this issue to cause
OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)
Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled
certain ASN1_TIME strings. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2015-1
Red Hat
OpenSSL: Race condition handling NewSessionTicket
vendor_redhat·2015-06-11·CVSS 6.8
CVE-2015-1791 [MEDIUM] OpenSSL: Race condition handling NewSessionTicket
OpenSSL: Race condition handling NewSessionTicket
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.
Statement: This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.
P
Debian
CVE-2015-1791: openssl - Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in O...
vendor_debian·2015·CVSS 6.8
CVE-2015-1791 [MEDIUM] CVE-2015-1791: openssl - Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in O...
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Scope: local
bookworm: resolved (fixed in 1.0.2b-1)
bullseye: resolved (fixed in 1.0.2b-1)
forky: resolved (fixed in 1.0.2b-1)
sid: resolved (fixed in 1.0.2b-1)
trixie: resolved (fixed in 1.0.2b-1)
Cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
vendor_cisco
CVE-2015-1791 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
CVE-2015-1791: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. This advisory will be updated as additional information becomes available. Cisco will release software updates that address these vulnerabilities.
CWE: CWE-119, CWE-20, CWE-399, CWE-119, CWE-20, CWE-399
Bug IDs: CSCuu74320, CSCuu82329, CSCuu8233
Apple
CVE-2015-1791: OS X Yosemite v10.10.5 and Security Update 2015-006
vendor_apple·CVSS 6.8
CVE-2015-1791 [MEDIUM] CVE-2015-1791: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2015-1791
Component: CVE-2015-1791
No detection rules found.
No public exploits indexed.
arXiv
Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability Research
arxiv_fulltext·2024-11-21
Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability Research
Mens Sana In Corpore Sano:\ Firmware Corpora for Vulnerability Research
René Helmke1,
Elmar Padilla1, and
Nils Aschenbruck^
1Fraunhofer FKIE, Cyber Analysis & Defense, Germany, \firstname.lastname\@fkie.fraunhofer.de
^ Osnabrück University, Distributed Systems Group, Germany, [email protected]
## Abstract
Firmware corpora for vulnerability research should be scientifically sound.
Yet, several practical challenges complicate the creation of sound corpora:
Sample acquisition, e.g., is hard and one must overcome the barrier of proprietary or encrypted data.
As image contents are unknown prior analysis,
it is hard to select high-quality samples that can satisfy scientific demands.
Ideally, we help each other out by sharing data.
But here, sharing is problematic due to copyright laws.
Inste
Bugzilla
CVE-2015-3216 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176: OpenSSL multiple security issues [fedora-all]
bugzilla·2015-06-12·CVSS 7.5
CVE-2015-3216 [HIGH] CVE-2015-3216 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176: OpenSSL multiple security issues [fedora-all]
CVE-2015-3216 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176: OpenSSL multiple security issues [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOT
Bugzilla
CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket
bugzilla·2015-06-05·CVSS 6.8
CVE-2015-1791 [MEDIUM] CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket
CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket
The following was reported by OpenSSL upstream:
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2b
OpenSSL 1.0.1 users should upgrade to 1.0.1n
OpenSSL 1.0.0 users should upgrade to 1.0.0s
OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.
Acknowledgements:
Red Hat would like to thank the OpenSSL project for reporting
Tenable
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
blogs_tenable·2017-01-31
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=143880121627664&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1115.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://www-304.ibm.com/support/docview.wss?uid=swg21960041http://www.debian.org/security/2015/dsa-3287http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.securityfocus.com/bid/75161http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1032479http://www.ubuntu.com/usn/USN-2639-1https://bto.bluecoat.com/security-advisory/sa98https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afchttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965https://kc.mcafee.com/corporate/index?page=content&id=SB10122https://openssl.org/news/secadv/20150611.txthttps://security.gentoo.org/glsa/201506-02https://support.apple.com/kb/HT205031https://support.citrix.com/article/CTX216642https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11https://www.openssl.org/news/secadv_20150611.txthttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=143880121627664&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1115.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://www-304.ibm.com/support/docview.wss?uid=swg21960041http://www.debian.org/security/2015/dsa-3287http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.securityfocus.com/bid/75161http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1032479http://www.ubuntu.com/usn/USN-2639-1https://bto.bluecoat.com/security-advisory/sa98https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afchttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965https://kc.mcafee.com/corporate/index?page=content&id=SB10122https://openssl.org/news/secadv/20150611.txthttps://security.gentoo.org/glsa/201506-02https://support.apple.com/kb/HT205031https://support.citrix.com/article/CTX216642https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11https://www.openssl.org/news/secadv_20150611.txt
2015-06-12
Published