CVE-2014-0160 - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heart

CVE-2014-0160

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.21:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.21:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.22:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.22:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.26:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.26:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.27:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.27:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.28:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.28:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.29:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.29:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.30:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.30:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.31:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.31:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.32:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.32:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.33:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.33:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.34:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.34:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.35:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.35:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.36:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.36:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.37:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.37:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.38:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.38:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.39:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.39:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.40:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.40:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.41:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.41:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.42:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.42:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.43:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.43:*:*:*:*:*:*:*
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.0.2:*:*:*:enterprise:*:*:*

CVSS

Base:	5.0 (as of 02-07-2024 - 16:52)
Impact:
Exploitability:

CWE

CWE-125

CAPEC

Infiltration of Hardware Development Environment
An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	1084875
title	CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment openssl is earlier than 0:1.0.1e-16.el6_5.7
oval oval:com.redhat.rhsa:tst:20140376001
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929002

AND

comment openssl-devel is earlier than 0:1.0.1e-16.el6_5.7
oval oval:com.redhat.rhsa:tst:20140376003
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929004

AND

comment openssl-perl is earlier than 0:1.0.1e-16.el6_5.7
oval oval:com.redhat.rhsa:tst:20140376005
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929008

AND

comment openssl-static is earlier than 0:1.0.1e-16.el6_5.7
oval oval:com.redhat.rhsa:tst:20140376007
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929010

rhsa

id	RHSA-2014:0376
released	2014-04-08
severity	Important
title	RHSA-2014:0376: openssl security update (Important)

rhsa
id RHSA-2014:0377
rhsa
id RHSA-2014:0378
rhsa
id RHSA-2014:0396

rpms

openssl-0:1.0.1e-16.el6_5.7
openssl-debuginfo-0:1.0.1e-16.el6_5.7
openssl-devel-0:1.0.1e-16.el6_5.7
openssl-perl-0:1.0.1e-16.el6_5.7
openssl-static-0:1.0.1e-16.el6_5.7
openssl-0:1.0.1e-16.el6_5.7
openssl-debuginfo-0:1.0.1e-16.el6_5.7
openssl-devel-0:1.0.1e-16.el6_5.7
openssl-perl-0:1.0.1e-16.el6_5.7
openssl-static-0:1.0.1e-16.el6_5.7
rhev-hypervisor6-0:6.5-20140407.0.el6ev
rhev-hypervisor6-0:6.5-20140118.1.3.2.el6_5
rhevm-spice-client-x64-cab-0:3.3-12.el6_5
rhevm-spice-client-x64-msi-0:3.3-12.el6_5
rhevm-spice-client-x86-cab-0:3.3-12.el6_5
rhevm-spice-client-x86-msi-0:3.3-12.el6_5

refmap via4

bid	66690
bugtraq	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
cert	TA14-098A
cert-vn	VU#720951
cisco	20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
confirm	http://advisories.mageia.org/MGASA-2014-0165.html http://cogentdatahub.com/ReleaseNotes.html http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 http://support.citrix.com/article/CTX140605 http://www-01.ibm.com/support/docview.wss?uid=isg400001841 http://www-01.ibm.com/support/docview.wss?uid=isg400001843 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 http://www-01.ibm.com/support/docview.wss?uid=swg21670161 http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf http://www.blackberry.com/btsc/KB35882 http://www.f-secure.com/en/web/labs_global/fsc-2014-1 http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf http://www.kerio.com/support/kerio-control/release-history http://www.openssl.org/news/secadv_20140407.txt http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html http://www.splunk.com/view/SP-CAAAMB3 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 http://www.vmware.com/security/advisories/VMSA-2014-0012.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://bugzilla.redhat.com/show_bug.cgi?id=1084875 https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf https://code.google.com/p/mod-spdy/issues/detail?id=85 https://filezilla-project.org/versions.php?type=server https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
debian	DSA-2896
exploit-db	32745 32764
fedora	FEDORA-2014-4879 FEDORA-2014-4910 FEDORA-2014-9308
fulldisc	20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 20140408 heartbleed OpenSSL bug CVE-2014-0160 20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL 20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
hp	HPSBGN03008 HPSBGN03010 HPSBGN03011 HPSBHF03021 HPSBHF03136 HPSBHF03293 HPSBMU02994 HPSBMU02995 HPSBMU02997 HPSBMU02998 HPSBMU02999 HPSBMU03009 HPSBMU03012 HPSBMU03013 HPSBMU03017 HPSBMU03018 HPSBMU03019 HPSBMU03020 HPSBMU03022 HPSBMU03023 HPSBMU03024 HPSBMU03025 HPSBMU03028 HPSBMU03029 HPSBMU03030 HPSBMU03032 HPSBMU03033 HPSBMU03037 HPSBMU03040 HPSBMU03044 HPSBMU03062 HPSBPI03014 HPSBPI03031 HPSBST03000 HPSBST03001 HPSBST03004 HPSBST03015 HPSBST03016 HPSBST03027 SSRT101846
mandriva	MDVSA-2015:062
misc	http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ http://heartbleed.com/ https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 https://gist.github.com/chapmajs/10473815 https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html https://www.cert.fi/en/reports/2014/vulnerability788210.html
mlist	[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/
sectrack	1030026 1030074 1030077 1030078 1030079 1030080 1030081 1030082
secunia	57347 57483 57721 57836 57966 57968 59139 59243 59347
suse	SUSE-SA:2014:002 openSUSE-SU-2014:0492 openSUSE-SU-2014:0560
ubuntu	USN-2165-1

Last major update

02-07-2024 - 16:52

Published

07-04-2014 - 22:55

Last modified

02-07-2024 - 16:52