FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3567

This CVE name corresponds to:

Entered Topic
2014-10-15 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3567 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3567
Phase Assigned(20140514)

Description

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203
CONFIRM https://www.openssl.org/news/secadv_20141015.txt
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
CONFIRM http://advisories.mageia.org/MGASA-2014-0416.html
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://www.splunk.com/view/SP-CAAANST
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM http://support.apple.com/HT204244
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CONFIRM https://support.apple.com/HT205217
APPLE APPLE-SA-2015-01-27-4
APPLE APPLE-SA-2015-09-16-2
DEBIAN DSA-3053
GENTOO GLSA-201412-39
HP HPSBUX03162
HP SSRT101767
HP HPSBMU03260
HP HPSBOV03227
HP SSRT101779
HP SSRT101894
HP HPSBGN03233
HP SSRT101739
HP SSRT101868
HP HPSBMU03267
HP HPSBMU03304
HP HPSBMU03296
HP HPSBHF03300
MANDRIVA MDVSA-2014:203
MANDRIVA MDVSA-2015:062
NETBSD NetBSD-SA2014-015
REDHAT RHSA-2014:1652
REDHAT RHSA-2014:1692
REDHAT RHSA-2015:0126
SUSE openSUSE-SU-2014:1331
SUSE SUSE-SU-2014:1357
SUSE SUSE-SU-2014:1361
UBUNTU USN-2385-1
BID 70586
SECTRACK 1031052
SECUNIA 61130
SECUNIA 61207
SECUNIA 61819
SECUNIA 62030
SECUNIA 59627
SECUNIA 61058
SECUNIA 61073
SECUNIA 61298
SECUNIA 61837
SECUNIA 61959
SECUNIA 61990
SECUNIA 62070
SECUNIA 62124

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.