Difference between revisions of "Security Advisories"
From OpenSSLWiki
Jump to navigationJump to searchm |
m (correct linked page name) |
||
Line 35: | Line 35: | ||
| OpenSSL-1.0.1g | | OpenSSL-1.0.1g | ||
OpenSSL-1.0.2-beta2 | OpenSSL-1.0.2-beta2 | ||
− | | [[ | + | | [[SECADV_20140407]] |
|- | |- | ||
|- | |- | ||
|} | |} |
Revision as of 23:29, 5 June 2014
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.
If you think your have discovered a problem that has security implications then send details to openssl-security@openssl.org
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions | Additional Information |
---|---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | SECADV_20140605 |
07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f
OpenSSL-1.0.2 betas |
OpenSSL-1.0.1g
OpenSSL-1.0.2-beta2 |
SECADV_20140407 |