Difference between revisions of "Security Advisories"

From OpenSSLWiki
(Page of references to additional information related to a security advisory)
 
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Security Advisories =
 
 
 
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.  
 
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.  
  
Line 19: Line 17:
 
! scope="col" | Fixed In Versions
 
! scope="col" | Fixed In Versions
 
! scope="col" class="unsortable" | Additional Information
 
! scope="col" class="unsortable" | Additional Information
 +
|-
 +
| 05-Jun-2014
 +
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605]
 +
| SSL/TLS MITM vulnerability (and others)
 +
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224]
 +
| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
 +
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
 +
| [[SECADV_20140605]]
 +
|-
 
|-
 
|-
 
| 07-Apr-2014  
 
| 07-Apr-2014  
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477]  
+
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140407]  
 
| TLS heartbeat read overrun
 
| TLS heartbeat read overrun
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060]  
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060]  
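Review bot: In the 07-Apr-2014 row, the unchanged CVE cell still has the link text CVE-2014-1060 while its URL targets name=CVE-2014-0160. This edit already corrects the transposed advisory label in the same row (SECADV_20140477 to SECADV_20140407), so the CVE label should be changed to CVE-2014-0160 at the same time to match its link target. Readers who copy the visible identifier into a scanner or tracker will otherwise look up the wrong entry. In the added 05-Jun-2014 row, the description says "(and others)" but the CVE cell lists only CVE-2014-0224; either list the remaining CVEs there or state that they are covered in the linked advisory.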
Line 28: Line 35:
 
| OpenSSL-1.0.1g  
 
| OpenSSL-1.0.1g  
 
OpenSSL-1.0.2-beta2
 
OpenSSL-1.0.2-beta2
| [[SECADV_2014047]]
+
| [[SECADV_20140407]]
 
|-
 
|-
 
|-
 
|-
 
|}
 
|}

Latest revision as of 17:58, 8 June 2014

When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.

These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.

If you think you have discovered a problem that has security implications, then send details to openssl-security@openssl.org.

The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.

{|
|+ OpenSSL Security Advisories Additional Information
! Date
! Advisory
! Description
! CVE
! Affected Versions
! Fixed In Versions
! Additional Information
|-
| 05-Jun-2014
| SECADV_20140605
| SSL/TLS MITM vulnerability (and others)
| CVE-2014-0224
| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
| SECADV_20140605
|-
| 07-Apr-2014
| SECADV_20140407
| TLS heartbeat read overrun
| CVE-2014-1060
| OpenSSL-1.0.1a to OpenSSL-1.0.1f, OpenSSL-1.0.2 betas
| OpenSSL-1.0.1g, OpenSSL-1.0.2-beta2
| SECADV_20140407
|}