Difference between revisions of "Security Advisories"
From OpenSSLWiki
(Page of references to additional information related to a security advisory)
(6 intermediate revisions by 2 users not shown)
Line 1: | Line 1: | ||
− | |||
− | |||
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. | When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix. | ||
Line 19: | Line 17: | ||
! scope="col" | Fixed In Versions | ! scope="col" | Fixed In Versions | ||
! scope="col" class="unsortable" | Additional Information | ! scope="col" class="unsortable" | Additional Information | ||
+ | |- | ||
+ | | 05-Jun-2014 | ||
+ | | [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605] | ||
+ | | SSL/TLS MITM vulnerability (and others) | ||
+ | | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] | ||
+ | | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | ||
+ | | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | ||
+ | | [[SECADV_20140605]] | ||
+ | |- | ||
|- | |- | ||
| 07-Apr-2014 | | 07-Apr-2014 | ||
− | | [https://www.openssl.org/news/secadv_20140407.txt | + | | [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407] |
| TLS heartbeat read overrun | | TLS heartbeat read overrun | ||
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] | | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] | ||
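Review bot: in the unchanged 07-Apr-2014 row at the end of this hunk, the CVE link label reads CVE-2014-1060 while its target URL is cvename.cgi?name=CVE-2014-0160; since this revision already edits the advisory link two lines above, correct the label to CVE-2014-0160 so the displayed identifier matches the link. The added 05-Jun-2014 row also ends with its own `|-` directly before the existing `|-`, which leaves a doubled row separator. Its Description says "(and others)" while the CVE cell carries only CVE-2014-0224; either list the other identifiers or state that they are covered on the SECADV_20140605 page.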
Line 28: | Line 35: | ||
| OpenSSL-1.0.1g | | OpenSSL-1.0.1g | ||
OpenSSL-1.0.2-beta2 | OpenSSL-1.0.2-beta2 | ||
− | | [[ | + | | [[SECADV_20140407]] |
|- | |- | ||
|- | |- | ||
|} | |} |
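Review bot: the context lines just before `|}` still hold two consecutive `|-` row separators with no cells after them; drop them so the table closes cleanly. The Fixed In Versions cell here puts OpenSSL-1.0.1g and OpenSSL-1.0.2-beta2 on separate lines, whereas the row added for 05-Jun-2014 separates versions with commas; pick one style for both rows.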
Latest revision as of 17:58, 8 June 2014
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.
If you think you have discovered a problem that has security implications, then send details to openssl-security@openssl.org.
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions | Additional Information |
---|---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | SECADV_20140605 |
07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-0160 | OpenSSL-1.0.1a to OpenSSL-1.0.1f, OpenSSL-1.0.2 betas | OpenSSL-1.0.1g, OpenSSL-1.0.2-beta2 | SECADV_20140407 |