Difference between revisions of "Security Advisories"
From OpenSSLWiki
Jump to navigationJump to searchm |
|||
(3 intermediate revisions by 2 users not shown) | |||
Line 22: | Line 22: | ||
| SSL/TLS MITM vulnerability (and others) | | SSL/TLS MITM vulnerability (and others) | ||
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] | | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224] | ||
− | | OpenSSL-0.9.8a- | + | | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g |
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | ||
| [[SECADV_20140605]] | | [[SECADV_20140605]] | ||
Line 35: | Line 35: | ||
| OpenSSL-1.0.1g | | OpenSSL-1.0.1g | ||
OpenSSL-1.0.2-beta2 | OpenSSL-1.0.2-beta2 | ||
− | | [[ | + | | [[SECADV_20140407]] |
|- | |- | ||
|- | |- | ||
|} | |} |
Latest revision as of 17:58, 8 June 2014
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.
If you think your have discovered a problem that has security implications then send details to openssl-security@openssl.org
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions | Additional Information |
---|---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | SECADV_20140605 |
07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f
OpenSSL-1.0.2 betas |
OpenSSL-1.0.1g
OpenSSL-1.0.2-beta2 |
SECADV_20140407 |