Difference between revisions of "Security Advisories"
From OpenSSLWiki
m (Added OSS Security mailing list for advanced notice to vendors.)
(One intermediate revision by one other user not shown)
Line 2: | Line 2: | ||
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]. | These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]. | ||
− | |||
− | |||
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org] | If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org] | ||
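Review bot: The context line "If you think your have discovered a problem" is carried through this revision unchanged, with "your" for "you" and no closing full stop. Since this is the sentence that tells reporters where to send vulnerability details, fix it in the same edit. The two removed lines render as empty here, and no added line mentioning the OSS Security mailing list named in the edit summary is visible in this hunk, so confirm the removal only dropped blank lines and that the summary matches what was actually changed.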
Line 24: | Line 22: | ||
| SSL/TLS MITM vulnerability (and others) | | SSL/TLS MITM vulnerability (and others) | ||
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] | | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] | ||
− | | OpenSSL-0.9.8a- | + | | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g |
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | ||
| [[SECADV_20140605]] | | [[SECADV_20140605]] |
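Review bot: In the new Affected Versions cell, "OpenSSL-0.9.8a-y" uses a hyphen both inside the release name and as the range separator, so it can be misread as a single version string. Spell the ranges out, e.g. "OpenSSL-0.9.8a to OpenSSL-0.9.8y", which also matches the "OpenSSL-1.0.1a to OpenSSL-1.0.1f" form used in the heartbeat row. The ranges start at the "a" letter releases, so say explicitly whether the unlettered 0.9.8, 1.0.0 and 1.0.1 releases are affected; readers use this cell to decide whether they need to upgrade.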
Latest revision as of 17:58, 8 June 2014
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.
If you think you have discovered a problem that has security implications, then send details to openssl-security@openssl.org.
The list below contains references to additional information on each issue that may assist OpenSSL users in understanding or responding to it.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions | Additional Information |
---|---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | SECADV_20140605 |
07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f, OpenSSL-1.0.2 betas | OpenSSL-1.0.1g, OpenSSL-1.0.2-beta2 | SECADV_20140407 |