Openssl 1.0.1.g security issue
This document (7015189) is provided subject to the disclaimer at the end of this document.
- SSL/TLS MITM vulnerability. (CVE-2014-0224)
- DTLS recursion flaw. (CVE-2014-0221)
- DTLS invalid fragment vulnerability. (CVE-2014-0195)
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference. (CVE-2014-0198)
- Anonymous ECDH denial of service. (CVE-2014-3470)
For in depth details see the "Additional Information" section.
It is suggested to update to the latest released version of openssl to be current with security fixes.
CVE-2014-0195 and CVE-2014-0198 did not affect the openssl version 0.9.8j. For information about that version see TID 7015162.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7015189
- Creation Date: 13-Jun-2014
- Modified Date:28-Sep-2022
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com