Action not permitted
Modal body text goes here.
cve-2014-3568
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "HPSBHF03300", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61130" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "62070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62070" }, { "name": "70585", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70585" }, { "name": "61073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61073" }, { "name": "HPSBMU03304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "name": "GLSA-201412-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "name": "DSA-3053", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "HPSBMU03260", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT205217" }, { "name": "SSRT101779", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2015-09-16-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name": "SUSE-SU-2014:1357", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "name": "openssl-cve20143568-sec-bypass(97037)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "name": "NetBSD-SA2014-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/HT204244" }, { "name": "SSRT101767", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61207" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "62124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62124" }, { "name": "59627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59627" }, { "name": "SSRT101894", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03263", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "SUSE-SU-2014:1361", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "name": "61959", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61959" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "name": "HPSBMU03267", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "name": "HPSBMU03261", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "61058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61058" }, { "name": "62030", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62030" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "APPLE-SA-2015-01-27-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "1031053", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031053" }, { "name": "61819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61819" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-15T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-14T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "HPSBHF03300", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61130" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "62070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62070" }, { "name": "70585", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70585" }, { "name": "61073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61073" }, { "name": "HPSBMU03304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "name": "GLSA-201412-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "name": "DSA-3053", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "HPSBMU03260", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT205217" }, { "name": "SSRT101779", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2015-09-16-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name": "SUSE-SU-2014:1357", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "name": "openssl-cve20143568-sec-bypass(97037)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "name": "NetBSD-SA2014-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/HT204244" }, { "name": "SSRT101767", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61207" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "62124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62124" }, { "name": "59627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59627" }, { "name": "SSRT101894", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03263", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "SUSE-SU-2014:1361", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "name": "61959", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61959" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "name": "HPSBMU03267", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "name": "HPSBMU03261", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "61058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61058" }, { "name": "62030", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62030" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "APPLE-SA-2015-01-27-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "1031053", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031053" }, { "name": "61819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61819" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBOV03227", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "HPSBHF03300", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "name": "HPSBUX03162", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61130" }, { "name": "https://www.openssl.org/news/secadv_20141015.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "62070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62070" }, { "name": "70585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70585" }, { "name": "61073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61073" }, { "name": "HPSBMU03304", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "name": "GLSA-201412-39", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "name": "DSA-3053", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3053" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "HPSBMU03260", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "https://support.apple.com/HT205217", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205217" }, { "name": "SSRT101779", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2015-09-16-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name": "SUSE-SU-2014:1357", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "name": "openssl-cve20143568-sec-bypass(97037)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "name": "NetBSD-SA2014-015", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "name": "http://support.apple.com/HT204244", "refsource": "CONFIRM", "url": "http://support.apple.com/HT204244" }, { "name": "SSRT101767", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61207", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61207" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "62124", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62124" }, { "name": "59627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59627" }, { "name": "SSRT101894", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03263", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "SUSE-SU-2014:1361", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "name": "61959", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61959" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "name": "HPSBMU03267", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "name": "HPSBMU03261", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "61058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61058" }, { "name": "62030", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62030" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642" }, { "name": "APPLE-SA-2015-01-27-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "1031053", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031053" }, { "name": "61819", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61819" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3568", "datePublished": "2014-10-19T01:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2014-3568\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-10-19T01:55:13.980\",\"lastModified\":\"2023-11-07T02:20:13.390\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.\"},{\"lang\":\"es\",\"value\":\"OpenSSL anterior a 0.9.8zc, 1.0.0 anterior a 1.0.0o, y 1.0.1 anterior a 1.0.1j no fuerza correctamente la opci\u00f3n build no-ssl3, lo que permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de una negociaci\u00f3n SSL 3.0, relacionado con s23_clnt.c y s23_srvr.c.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.8zb\",\"matchCriteriaId\":\"7AA6173C-DA1F-4A3B-BB8A-E52F3B846134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2075BD-6102-4B0F-839A-836E9585F43B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A2FA09E-2BF7-4968-B62D-00DA57F81EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02E634E-1E3D-4E44-BADA-76F92483A732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC2B07A-49EF-411F-8A4D-89435E22B043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E9480D6-3B6A-4C41-B8C1-C3F945040772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FF0A06-DA61-4250-B083-67E55E362677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6BA453-C150-4159-B80B-5465EFF83F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638A2E69-8AB6-4FEA-852A-FEF16A500C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C47D3A-B99D-401D-B6B8-1194B2DB4809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08355B10-E004-4BE6-A5AE-4D428810580B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738BCFDC-1C49-4774-95AE-E099F707DEF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4B242C0-D27D-4644-AD19-5ACB853C9DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC683F2-4346-4E5E-A8D7-67B4F4D7827B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132B9217-B0E0-4E3E-9096-162AA28E158E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7619F9A0-9054-4217-93D1-3EA64876C5B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D82C405-17E2-4DF1-8DF5-315BD5A41595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C96806F-4718-4BD3-9102-55A26AA86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1C00C0-C77E-4255-9ECA-20F2673C7366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F16D65-8A46-4AC7-8970-73AB700035FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F393FF-7E6F-4671-BFBF-060162E12659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1B85A09-CF8D-409D-966E-168F9959F6F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FB18-FDDC-4BED-A28C-C23EE6CD0094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74A79A7-4FAF-4C81-8622-050008B96AE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDACCB9-8D61-49EE-9957-9E58BC7BB031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4993DD56-F9E3-4AC8-AC3E-BF204B950DEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E884B241-F9C3-44F8-A420-DE65F5F3D660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A383620-B4F7-44A7-85DA-A4FF2E115D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0C6812-F455-49CF-B29B-9AC00306DA43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2D462C-A1B4-4572-A615-BDE9DC5F1E55\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59627\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61058\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61073\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61130\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61207\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61819\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61959\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62030\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62070\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62124\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201412-39.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/HT204244\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21686997\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3053\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/70585\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1031053\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/97037\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205217\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.citrix.com/article/CTX216642\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openssl.org/news/secadv_20141015.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
gsd-2014-3568
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2014-3568", "description": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.", "id": "GSD-2014-3568", "references": [ "https://www.suse.com/security/cve/CVE-2014-3568.html", "https://www.debian.org/security/2014/dsa-3053", "https://alas.aws.amazon.com/cve/html/CVE-2014-3568.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2014-3568" ], "details": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.", "id": "GSD-2014-3568", "modified": "2023-12-13T01:22:53.223146Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBOV03227", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "HPSBHF03300", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "name": "HPSBUX03162", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61130" }, { "name": "https://www.openssl.org/news/secadv_20141015.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "62070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62070" }, { "name": "70585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70585" }, { "name": "61073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61073" }, { "name": "HPSBMU03304", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "name": "GLSA-201412-39", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "name": "DSA-3053", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3053" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "HPSBMU03260", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "https://support.apple.com/HT205217", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205217" }, { "name": "SSRT101779", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "APPLE-SA-2015-09-16-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name": "SUSE-SU-2014:1357", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "name": "openssl-cve20143568-sec-bypass(97037)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "name": "NetBSD-SA2014-015", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "name": "http://support.apple.com/HT204244", "refsource": "CONFIRM", "url": "http://support.apple.com/HT204244" }, { "name": "SSRT101767", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61207", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61207" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "62124", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62124" }, { "name": "59627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59627" }, { "name": "SSRT101894", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03263", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "SUSE-SU-2014:1361", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "name": "61959", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61959" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "name": "HPSBMU03267", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "name": "HPSBMU03261", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "61058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61058" }, { "name": "62030", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62030" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642" }, { "name": "APPLE-SA-2015-01-27-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "1031053", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031053" }, { "name": "61819", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61819" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zb", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3568" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-310" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "name": "https://www.openssl.org/news/secadv_20141015.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "1031053", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1031053" }, { "name": "70585", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/70585" }, { "name": "DSA-3053", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "name": "HPSBUX03162", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "name": "SUSE-SU-2014:1361", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "name": "NetBSD-SA2014-015", "refsource": "NETBSD", "tags": [], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "name": "61207", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61207" }, { "name": "62030", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/62030" }, { "name": "59627", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59627" }, { "name": "61959", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61959" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "name": "SUSE-SU-2014:1357", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "name": "61819", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61819" }, { "name": "61130", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61130" }, { "name": "61058", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61058" }, { "name": "61073", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/61073" }, { "name": "62070", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/62070" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "refsource": "CONFIRM", "tags": [], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "name": "62124", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/62124" }, { "name": "APPLE-SA-2015-01-27-4", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "http://support.apple.com/HT204244", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/HT204244" }, { "name": "GLSA-201412-39", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "name": "SSRT101779", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "SSRT101894", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03267", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "HPSBMU03304", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "name": "HPSBHF03300", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "name": "APPLE-SA-2015-09-16-2", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name": "https://support.apple.com/HT205217", "refsource": "CONFIRM", "tags": [], "url": "https://support.apple.com/HT205217" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "HPSBMU03263", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "HPSBMU03261", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091", "refsource": "CONFIRM", "tags": [], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "name": "openssl-cve20143568-sec-bypass(97037)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "tags": [], "url": "https://support.citrix.com/article/CTX216642" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2017-11-15T02:29Z", "publishedDate": "2014-10-19T01:55Z" } } }
ghsa-3873-898q-6f32
Vulnerability from github
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
{ "affected": [], "aliases": [ "CVE-2014-3568" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2014-10-19T01:55:00Z", "severity": "MODERATE" }, "details": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.", "id": "GHSA-3873-898q-6f32", "modified": "2022-05-17T19:57:38Z", "published": "2022-05-17T19:57:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3568" }, { "type": "WEB", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "type": "WEB", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "type": "WEB", "url": "https://support.apple.com/HT205217" }, { "type": "WEB", "url": "https://support.citrix.com/article/CTX216642" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/59627" }, { "type": "WEB", "url": "http://secunia.com/advisories/61058" }, { "type": "WEB", "url": "http://secunia.com/advisories/61073" }, { "type": "WEB", "url": "http://secunia.com/advisories/61130" }, { "type": "WEB", "url": "http://secunia.com/advisories/61207" }, { "type": "WEB", "url": "http://secunia.com/advisories/61819" }, { "type": "WEB", "url": "http://secunia.com/advisories/61959" }, { "type": "WEB", "url": "http://secunia.com/advisories/62030" }, { "type": "WEB", "url": "http://secunia.com/advisories/62070" }, { "type": "WEB", "url": "http://secunia.com/advisories/62124" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "type": "WEB", "url": "http://support.apple.com/HT204244" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "type": "WEB", "url": "http://www.debian.org/security/2014/dsa-3053" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/70585" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1031053" } ], "schema_version": "1.4.0", "severity": [] }
var-201410-1151
Vulnerability from variot
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded. ( Security fix ) patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded. For more information, see: https://www.openssl.org/news/secadv_20141015.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz 8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz 21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz 5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz 2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz fedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz 6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz f7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz 40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz 0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: d07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz 1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Slackware -current packages: 53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz cc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz
Slackware x86_64 -current packages: 500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz c483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and address the following:
AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine all the network addresses of the system Description: The AFP file server supported a command which returned all the network addresses of the system. This issue was addressed by removing the addresses from the result. CVE-ID CVE-2014-4426 : Craig Young of Tripwire VERT
bash Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary code Description: Multiple vulnerabilities existed in bash. These issues were addressed by updating bash to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187
Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer signedness error existed in IOBluetoothFamily which allowed manipulation of kernel memory. This issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-4497
Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory. The issue was addressed through additional input validation. CVE-ID CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege. The issues were addressed through additional input validation. CVE-ID CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze Networks
CFNetwork Cache Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460
CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program
CPU Software Available for: OS X Yosemite v10.10 and v10.10.1, for: MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), Mac Pro (Late 2013) Impact: A malicious Thunderbolt device may be able to affect firmware flashing Description: Thunderbolt devices could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework Available for: OS X Yosemite v10.10 and v10.10.1 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of App Store logs. The App Store process could log Apple ID credentials in the log when additional logging was enabled. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-4499 : Sten Petersen
CoreGraphics Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Some third-party applications with non-secure text entry and mouse events may log those events Description: Due to the combination of an uninitialized variable and an application's custom allocator, non-secure text entry and mouse events may have been logged. This issue was addressed by ensuring that logging is off by default. This issue did not affect systems prior to OS X Yosemite. CVE-ID CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PDF files. The issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple type confusion issues existed in coresymbolicationd's handling of XPC messages. These issues were addressed through improved type checking. CVE-ID CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .dfont files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4483 : Apple
Foundation Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the XML parser. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4485 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in Intel graphics driver Description: Multiple vulnerabilities existed in the Intel graphics driver, the most serious of which may have led to arbitrary code execution with system privileges. This update addresses the issues through additional bounds checks. CVE-ID CVE-2014-8819 : Ian Beer of Google Project Zero CVE-2014-8820 : Ian Beer of Google Project Zero CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOAcceleratorFamily's handling of certain IOService userclient types. This issue was addressed through improved validation of IOAcceleratorFamily contexts. CVE-ID CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in IOHIDFamily. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOHIDFamily's handling of resource queue metadata. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4488 : Apple
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of event queues. This issue was addressed through improved validation of IOHIDFamily event queue initialization. CVE-ID CVE-2014-4489 : @beist
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A bounds checking issue existed in a user client vended by the IOHIDFamily driver which allowed a malicious application to overwrite arbitrary portions of the kernel address space. The issue is addressed by removing the vulnerable user client method. CVE-ID CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A privileged application may be able to read arbitrary data from kernel memory Description: A memory access issue existed in the handling of IOUSB controller user client functions. This issue was addressed through improved argument validation. CVE-ID CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Specifying a custom cache mode allowed writing to kernel read-only shared memory segments. This issue was addressed by not granting write permissions as a side-effect of some custom cache modes. CVE-ID CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-8824 : @PanguTeam
Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local attacker can spoof directory service responses to the kernel, elevate privileges, or gain kernel execution Description: Issues existed in identitysvc validation of the directory service resolving process, flag handling, and error handling. This issue was addressed through improved validation. CVE-ID CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local user may be able to determine kernel memory layout Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization. CVE-ID CVE-2014-4371 : Fermin J. Serna of the Google Security Team CVE-2014-4419 : Fermin J. Serna of the Google Security Team CVE-2014-4420 : Fermin J. Serna of the Google Security Team CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel Available for: OS X Mavericks v10.9.5 Impact: A person with a privileged network position may cause a denial of service Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking. CVE-ID CVE-2011-2391
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata. CVE-ID CVE-2014-4461 : @PanguTeam
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious JAR file may bypass Gatekeeper checks Description: An issue existed in the handling of application launches which allowed certain malicious JAR files to bypass Gatekeeper checks. This issue was addressed through improved handling of file type metadata. CVE-ID CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious, sandboxed app can compromise the networkd daemon Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. By sending networkd a maliciously formatted message, it may have been possible to execute arbitrary code as the networkd process. The issue is addressed through additional type checking. CVE-ID CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A Mac may not lock immediately upon wake Description: An issue existed in the rendering of the lock screen. This issue was address through improved screen rendering while locked. CVE-ID CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed testers
lukemftp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Using the command line ftp tool to fetch files from a malicious http server may lead to arbitrary code execution Description: A command injection issue existed in the handling of HTTP redirects. This issue was addressed through improved validation of special characters. CVE-ID CVE-2014-8517
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one that may allow an attacker to downgrade connections to use weaker cipher-suites in applications using the library Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za. These issues were addressed by updating OpenSSL to version 0.9.8zc. CVE-ID CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
Sandbox Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A design issue existed in the caching of sandbox profiles which allowed sandboxed applications to gain write access to the cache. This issue was addressed by restricting write access to paths containing a "com.apple.sandbox" segment. This issue does not affect OS X Yosemite v10.10 or later. CVE-ID CVE-2014-8828 : Apple
SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: Multiple out of bounds write issues existed in SceneKit. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted Collada file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to an unexpected application termination or arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A downloaded application signed with a revoked Developer ID certificate may pass Gatekeeper checks Description: An issue existed with how cached application certificate information was evaluated. This issue was addressed with cache logic improvements. CVE-ID CVE-2014-8838 : Apple
security_taskgate Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: An app may access keychain items belonging to other apps Description: An access control issue existed in the Keychain. Applications signed with self-signed or Developer ID certificates could access keychain items whose access control lists were based on keychain groups. This issue was addressed by validating the signing identity when granting access to keychain groups. CVE-ID CVE-2014-8831 : Apple
Spotlight Available for: OS X Yosemite v10.10 and v10.10.1 Impact: The sender of an email could determine the IP address of the recipient Description: Spotlight did not check the status of Mail's "Load remote content in messages" setting. This issue was addressed by improving configuration checking. CVE-ID CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of LastFriday.no
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may save unexpected information to an external hard drive Description: An issue existed in Spotlight where memory contents may have been written to external hard drives when indexing. This issue was addressed with better memory management. CVE-ID CVE-2014-8832 : F-Secure
SpotlightIndex Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may display results for files not belonging to the user Description: A deserialization issue existed in Spotlight's handling of permission caches. A user performing a Spotlight query may have been shown search results referencing files for which they don't have sufficient privileges to read. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A type confusion vulnerability existed in sysmond that allowed a local application to escalate privileges. The issue was addressed with improved type checking. CVE-ID CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Printing-related preference files may contain sensitive information about PDF documents Description: OS X Yosemite v10.10 addressed an issue in the handling of password-protected PDF files created from the Print dialog where passwords may have been included in printing preference files. This update removes such extraneous information that may have been present in printing preference files. CVE-ID CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari 8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6 8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/ qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V 0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA 0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq nggZl3Sa+QhfaHSUqSJI =uAqk -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
References
[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Release Date: 2015-03-16 Last Updated: 2015-05-20
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101920 SSRT101921 SSRT101922 SSRT101894
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control impacted software components and versions
HP Insight Control 7.2, 7.3 and 7.4
HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2 v7.3.3 and v 7.4.0
HP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:
HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and v7.3.3 for Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3 for Linux HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows HP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and v7.4.0a for Linux
HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve these vulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1 Update kit applicable to HP Insight Control 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPICE
NOTE: Please read the readme.txt file before proceeding with the installation.
HP has addressed these vulnerabilities for the impacted software components bundled with HP Insight Control in the following HP Security Bulletins:
HP Insight Control software components HP Security Bulletin Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03261 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571454
HP System Management Homepage (SMH) HPSBMU03260 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571379
HP Version Control Agent (VCA) HPSBMU03262 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571956
Version Control Repository Manager (VCRM) HPSBMU03259 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04570627
HISTORY Version:1 (rev.1) - 16 March 2015 Initial release Version:2 (rev.2) - 14 April 2015 Incorrect version in Resolution Version:3 (rev.3) - 20 May 2015 Updated impacted versions
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2015-0001 Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues Issue date: 2015-01-27 Updated on: 2015-01-27 (Initial Advisory) CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
--- OPENSSL---
CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568
--- libxml2 ---
CVE-2014-3660
- Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
- Relevant Releases
VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG
- Problem Description
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary
file write issue. Exploitation this issue may allow for privilege
escalation on the host.
The vulnerability does not allow for privilege escalation from
the guest Operating System to the host or vice-versa. This means
that host memory can not be manipulated from the Guest Operating
System.
Mitigation
For ESXi to be affected, permissions must have been added to ESXi
(or a vCenter Server managing it) for a virtual machine
administrator role or greater.
VMware would like to thank Shanon Olsson for reporting this issue to
us through JPCERT.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-8370 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any 6.0.5
ESXi 5.5 ESXi ESXi550-201403102-SG
ESXi 5.1 ESXi ESXi510-201404101-SG
ESXi 5.0 ESXi ESXi500-201405101-SG
b. VMware Workstation, Player, and Fusion Denial of Service vulnerability
VMware Workstation, Player, and Fusion contain an input validation
issue in the Host Guest File System (HGFS). This issue may allow
for a Denial of Service of the Guest Operating system.
VMware would like to thank Peter Kamensky from Digital Security for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1043 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any 7.0.1
Fusion 6.x any 6.0.5
c. VMware ESXi, Workstation, and Player Denial of Service vulnerability
VMware ESXi, Workstation, and Player contain an input
validation issue in VMware Authorization process (vmware-authd).
This issue may allow for a Denial of Service of the host. On
VMware ESXi and on Workstation running on Linux the Denial of
Service would be partial.
VMware would like to thank Dmitry Yudin @ret5et for reporting
this issue to us through HP's Zero Day Initiative.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1044 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any not affected
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201410101-SG
ESXi 5.0 ESXi not affected
d.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any Update 2d*
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
* The VMware vCenter 5.5 SSO component will be
updated in a later release
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17
to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3660 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation 10.x
https://www.vmware.com/go/downloadworkstation
VMware Player 6.x
https://www.vmware.com/go/downloadplayer
VMware Fusion 7.x and 6.x
https://www.vmware.com/go/downloadplayer
vCenter Server
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5 Update 2d
File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG
ESXi 5.5
File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG
ESXi 5.1
File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG
ESXi 5.0
File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
- Change log
2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8
wj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE c75UD0ctlJx5607JuLfnb6Y= =IxpT -----END PGP SIGNATURE----- . CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0". Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568].
III. Impact
A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]
By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].
An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]
IV. Workaround
No workaround is available. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 8.4, 9.1 and 9.2]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1151", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zb" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "bladecenter advanced management module 3.66n", "scope": "ne", "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module 3.66k", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "global console manager", "scope": "ne", "trust": 0.6, "vendor": "ibm", "version": "1.26.1.23978" }, { "model": "global console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.4.2.15036" }, { "model": "global console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.20.20.23447" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "local console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.39.0" }, { "model": "local console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.27.00" }, { "model": "local console manager", "scope": "ne", "trust": 0.6, "vendor": "ibm", "version": "1.2.40.00" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "q", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "16200" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "k", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58200" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "switch series r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5820" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr4000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "mcp r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6600" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "msr3000 r0106p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sle client tools", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "850/8700" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "r5203p11", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3100v2" }, { "model": "f5000-s", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr1000 r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "msr9xx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "j", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58300" }, { "model": "project openssl 1.0.1j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.0" }, { "model": "wb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "n", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 1.0.0o", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aspera", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "m210", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "vsr1000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "r15xx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "switch series r5319p10", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3610" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "msr1000 russian version r2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "f5000-c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.0.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.4" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "a6600", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "r1828p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "12500" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "r2122", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7900" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "u200s and cs f5123p30", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "office connect ps1810", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura communication manager ssp04", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ex series network switches for ibm products pre 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "f1000-a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.3" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "hsr6602 r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "m.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.3" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "a6600 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79000" }, { "model": "aspera proxy", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.3" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "f1000-s", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-480" }, { "model": "aspera mobile", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "msr93x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "h.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "r1104", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1620" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "u200s and cs", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aspera drive", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "russian version r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6602" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "f1000-e", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "12500(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v7)0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "48000" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "57000" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3.1" }, { "model": "msr50-g2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5" }, { "model": "r", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "esxi esxi550-20150110", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "ei switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5500" }, { "model": "kb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr30", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "msr1000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr30 russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "i.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "m.08", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "a6600 r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "9500e", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "msr20 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "switch series r1118p11", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5830" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli workload scheduler for z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.6" }, { "model": "secblade iii", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "sle client tools for x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4" }, { "model": "msr30 r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli workload scheduler for z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "msr50-g2 r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "msr1000 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "vb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "ka", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "office connect pk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "yb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "f5000 f3210p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.5.03.00" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.41" }, { "model": "aspera ondemand for google cloud", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.21" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "aura utility services sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "hsr6602 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "aspera console", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "2.5.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "e", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "mcp russian version r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6600" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "msr50 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "hsr6800 r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "msr3000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aspera faspex", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.9" }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "msr2000 r0106p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "va", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.32" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aspera ondemand for softlayer", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.4" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.4" }, { "model": "switch series r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5800" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "aspera ondemand for azure", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5700" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.9" }, { "model": "hi switch series r5501p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5500" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "qradar risk manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "secblade iii r3820p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.46.4.2.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "aspera client", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "hsr6800 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.4" }, { "model": "aspera outlook plugin", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "project openssl 0.9.8zc", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v5)0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6602" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.5" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "u200a and m", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "msr20-1x r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "r1105", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1920" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "r11xx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "tivoli workload scheduler for z/os connector fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58000" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.3" }, { "model": "si switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5500" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1.2" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "z/tpf", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "r2110p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3100v2-48" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "ps110", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.33" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "9500e r1828p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "f5000-s r3811p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "a6600 russian version r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "qradar vulnerability manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "msr30-16 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6602", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "msr30-16 russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "msr20-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ra", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "f5000-c r3811p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "rf manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "tivoli workload scheduler for z/os connector fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "hsr6800", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ei switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5120" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "h.07", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-495" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.1" }, { "model": "msr50 g2 russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "sle client tools for s390x", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2.2" }, { "model": "office connect pm", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36100" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "msr30-16", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ya", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch series r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5900" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.26.2.1.2" }, { "model": "hi switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "msr30-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "msr30-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "switch series r2110p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3600v2" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "12500(comware r7328p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v7)" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.0.1" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "w", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "msr30 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "r15xx r1513p95", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1910" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "msr4000 r0106p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "msr50 russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v20" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "msr30-1x r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "pb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.56.5.1.0" }, { "model": "msr50 r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "switch series r6708p10", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7500" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.10" }, { "model": "g switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4800" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "f1000-e r3181p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "msr9xx r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mcp russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "4510g switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "r11xx r1107", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1910" }, { "model": "wx5002/5004", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "msr30-16 r2513p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "msr30-1x russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "aspera point to point", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "msr50", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.7" }, { "model": "xcode", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "switch series r2111p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "11900" }, { "model": "f1000-a r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "hsr6602 russian version r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "aspera orchestrator", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "2.10" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8300" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "hsr6800 russian version r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "y", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "u", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "4210g switch series r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.34" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "l", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "4210g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "m220", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "f5000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aspera ondemand for amazon", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.36.3.1.0" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "msr20-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aspera cargo", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "msr2000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "mcp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75000" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19200" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "si switch series r1513p95", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5120" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.1" }, { "model": "f", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "qradar risk manager mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "switch series r1005p15", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "12900" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "office connect p", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "aspera orchestrator", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "r2507p34", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "f1000-s r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "msr50 g2 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "manager for sle sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "111.7" }, { "model": "studio onsite", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "1.3" }, { "model": "msr20-1x russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "secblade ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "60000" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "office connect pl", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "msr20 russian version 2513l40.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "secblade fw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "u200a and m f5123p30", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "t", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "switch series (comware r1208p10", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "10500v5)" }, { "model": "4510g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vsr1000 r0204p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "switch series r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5920" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "ei switch series r3108p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5130" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" } ], "sources": [ { "db": "BID", "id": "70585" }, { "db": "NVD", "id": "CVE-2014-3568" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zb", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3568" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Akamai Technologies", "sources": [ { "db": "BID", "id": "70585" } ], "trust": 0.3 }, "cve": "CVE-2014-3568", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-3568", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3568", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3568", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3568" }, { "db": "NVD", "id": "CVE-2014-3568" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n https://www.openssl.org/news/secadv_20141015.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\n\nSlackware x86_64 -current packages:\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001\n\nOS X 10.10.2 and Security Update 2015-001 are now available and\naddress the following:\n\nAFP Server\nAvailable for: OS X Mavericks v10.9.5\nImpact: A remote attacker may be able to determine all the network\naddresses of the system\nDescription: The AFP file server supported a command which returned\nall the network addresses of the system. This issue was addressed by\nremoving the addresses from the result. \nCVE-ID\nCVE-2014-4426 : Craig Young of Tripwire VERT\n\nbash\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in bash, including one that may\nallow local attackers to execute arbitrary code\nDescription: Multiple vulnerabilities existed in bash. These issues\nwere addressed by updating bash to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nBluetooth\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer signedness error existed in\nIOBluetoothFamily which allowed manipulation of kernel memory. This\nissue was addressed through improved bounds checking. This issue does\nnot affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-4497\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An error existed in the Bluetooth driver that allowed a\nmalicious application to control the size of a write to kernel\nmemory. The issue was addressed through additional input validation. \nCVE-ID\nCVE-2014-8836 : Ian Beer of Google Project Zero\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple security issues existed in the Bluetooth\ndriver, allowing a malicious application to execute arbitrary code\nwith system privilege. The issues were addressed through additional\ninput validation. \nCVE-ID\nCVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCFNetwork Cache\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Website cache may not be fully cleared after leaving private\nbrowsing\nDescription: A privacy issue existed where browsing data could\nremain in the cache after leaving private browsing. This issue was\naddressed through a change in caching behavior. \nCVE-ID\nCVE-2014-4460\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\niSIGHT Partners GVP Program\n\nCPU Software\nAvailable for: OS X Yosemite v10.10 and v10.10.1,\nfor: MacBook Pro Retina, MacBook Air (Mid 2013 and later),\niMac (Late 2013 and later), Mac Pro (Late 2013)\nImpact: A malicious Thunderbolt device may be able to affect\nfirmware flashing\nDescription: Thunderbolt devices could modify the host firmware if\nconnected during an EFI update. This issue was addressed by not\nloading option ROMs during updates. \nCVE-ID\nCVE-2014-4498 : Trammell Hudson of Two Sigma Investments\n\nCommerceKit Framework\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: An attacker with access to a system may be able to recover\nApple ID credentials\nDescription: An issue existed in the handling of App Store logs. The\nApp Store process could log Apple ID credentials in the log when\nadditional logging was enabled. This issue was addressed by\ndisallowing logging of credentials. \nCVE-ID\nCVE-2014-4499 : Sten Petersen\n\nCoreGraphics\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Some third-party applications with non-secure text entry and\nmouse events may log those events\nDescription: Due to the combination of an uninitialized variable and\nan application\u0027s custom allocator, non-secure text entry and mouse\nevents may have been logged. This issue was addressed by ensuring\nthat logging is off by default. This issue did not affect systems\nprior to OS X Yosemite. \nCVE-ID\nCVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPDF files. The issue was addressed through improved bounds checking. \nThis issue does not affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-8816 : Mike Myers, of Digital Operatives LLC\n\nCoreSymbolication\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple type confusion issues existed in\ncoresymbolicationd\u0027s handling of XPC messages. These issues were\naddressed through improved type checking. \nCVE-ID\nCVE-2014-8817 : Ian Beer of Google Project Zero\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Processing a maliciously crafted .dfont file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.dfont files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4484 : Gaurav Baruah working with HP\u0027s Zero Day Initiative\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of font\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4483 : Apple\n\nFoundation\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Viewing a maliciously crafted XML file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the XML parser. This issue\nwas addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4485 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in Intel graphics driver\nDescription: Multiple vulnerabilities existed in the Intel graphics\ndriver, the most serious of which may have led to arbitrary code\nexecution with system privileges. This update addresses the issues\nthrough additional bounds checks. \nCVE-ID\nCVE-2014-8819 : Ian Beer of Google Project Zero\nCVE-2014-8820 : Ian Beer of Google Project Zero\nCVE-2014-8821 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in\nIOAcceleratorFamily\u0027s handling of certain IOService userclient types. \nThis issue was addressed through improved validation of\nIOAcceleratorFamily contexts. \nCVE-ID\nCVE-2014-4486 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A buffer overflow existed in IOHIDFamily. This issue\nwas addressed with improved bounds checking. \nCVE-ID\nCVE-2014-4487 : TaiG Jailbreak Team\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in IOHIDFamily\u0027s handling of\nresource queue metadata. This issue was addressed through improved\nvalidation of metadata. \nCVE-ID\nCVE-2014-4488 : Apple\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of event queues. This issue was addressed through improved\nvalidation of IOHIDFamily event queue initialization. \nCVE-ID\nCVE-2014-4489 : @beist\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: A bounds checking issue existed in a user client vended\nby the IOHIDFamily driver which allowed a malicious application to\noverwrite arbitrary portions of the kernel address space. The issue\nis addressed by removing the vulnerable user client method. \nCVE-ID\nCVE-2014-8822 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\n\nIOKit\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nIOUSBFamily\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A privileged application may be able to read arbitrary data\nfrom kernel memory\nDescription: A memory access issue existed in the handling of IOUSB\ncontroller user client functions. This issue was addressed through\nimproved argument validation. \nCVE-ID\nCVE-2014-8823 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Specifying a custom cache mode allowed writing to\nkernel read-only shared memory segments. This issue was addressed by\nnot granting write permissions as a side-effect of some custom cache\nmodes. \nCVE-ID\nCVE-2014-4495 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-8824 : @PanguTeam\n\nKernel\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A local attacker can spoof directory service responses to\nthe kernel, elevate privileges, or gain kernel execution\nDescription: Issues existed in identitysvc validation of the\ndirectory service resolving process, flag handling, and error\nhandling. This issue was addressed through improved validation. \nCVE-ID\nCVE-2014-8825 : Alex Radocea of CrowdStrike\n\nKernel\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: Multiple uninitialized memory issues existed in the\nnetwork statistics interface, which led to the disclosure of kernel\nmemory content. This issue was addressed through additional memory\ninitialization. \nCVE-ID\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5\nImpact: A person with a privileged network position may cause a\ndenial of service\nDescription: A race condition issue existed in the handling of IPv6\npackets. This issue was addressed through improved lock state\nchecking. \nCVE-ID\nCVE-2011-2391\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription: An information disclosure issue existed in the handling\nof APIs related to kernel extensions. Responses containing an\nOSBundleMachOHeaders key may have included kernel addresses, which\nmay aid in bypassing address space layout randomization protection. \nThis issue was addressed by unsliding the addresses before returning\nthem. \nCVE-ID\nCVE-2014-4491 : @PanguTeam, Stefan Esser\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IOSharedDataQueue objects. This issue was\naddressed through relocation of the metadata. \nCVE-ID\nCVE-2014-4461 : @PanguTeam\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious JAR file may bypass Gatekeeper checks\nDescription: An issue existed in the handling of application\nlaunches which allowed certain malicious JAR files to bypass\nGatekeeper checks. This issue was addressed through improved handling\nof file type metadata. \nCVE-ID\nCVE-2014-8826 : Hernan Ochoa of Amplia Security\n\nlibnetcore\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious, sandboxed app can compromise the networkd\ndaemon\nDescription: Multiple type confusion issues existed in networkd\u0027s\nhandling of interprocess communication. By sending networkd a\nmaliciously formatted message, it may have been possible to execute\narbitrary code as the networkd process. The issue is addressed\nthrough additional type checking. \nCVE-ID\nCVE-2014-4492 : Ian Beer of Google Project Zero\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A Mac may not lock immediately upon wake\nDescription: An issue existed in the rendering of the lock screen. \nThis issue was address through improved screen rendering while\nlocked. \nCVE-ID\nCVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed\ntesters\n\nlukemftp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Using the command line ftp tool to fetch files from a\nmalicious http server may lead to arbitrary code execution\nDescription: A command injection issue existed in the handling of\nHTTP redirects. This issue was addressed through improved validation\nof special characters. \nCVE-ID\nCVE-2014-8517\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one\nthat may allow an attacker to downgrade connections to use weaker\ncipher-suites in applications using the library\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8za. \nThese issues were addressed by updating OpenSSL to version 0.9.8zc. \nCVE-ID\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nSandbox\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A design issue existed in the caching of sandbox\nprofiles which allowed sandboxed applications to gain write access to\nthe cache. This issue was addressed by restricting write access to\npaths containing a \"com.apple.sandbox\" segment. This issue does\nnot affect OS X Yosemite v10.10 or later. \nCVE-ID\nCVE-2014-8828 : Apple\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: Multiple out of bounds write issues existed in\nSceneKit. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-8829 : Jose Duart of the Google Security Team\n\nSceneKit\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Viewing a maliciously crafted Collada file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to an unexpected application termination or arbitrary code\nexecution. This issue was addressed through improved validation of\naccessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nSecurity\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A downloaded application signed with a revoked Developer ID\ncertificate may pass Gatekeeper checks\nDescription: An issue existed with how cached application\ncertificate information was evaluated. This issue was addressed with\ncache logic improvements. \nCVE-ID\nCVE-2014-8838 : Apple\n\nsecurity_taskgate\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: An app may access keychain items belonging to other apps\nDescription: An access control issue existed in the Keychain. \nApplications signed with self-signed or Developer ID certificates\ncould access keychain items whose access control lists were based on\nkeychain groups. This issue was addressed by validating the signing\nidentity when granting access to keychain groups. \nCVE-ID\nCVE-2014-8831 : Apple\n\nSpotlight\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: The sender of an email could determine the IP address of the\nrecipient\nDescription: Spotlight did not check the status of Mail\u0027s \"Load\nremote content in messages\" setting. This issue was addressed by\nimproving configuration checking. \nCVE-ID\nCVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of\nLastFriday.no\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Spotlight may save unexpected information to an external\nhard drive\nDescription: An issue existed in Spotlight where memory contents may\nhave been written to external hard drives when indexing. This issue\nwas addressed with better memory management. \nCVE-ID\nCVE-2014-8832 : F-Secure\n\nSpotlightIndex\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Spotlight may display results for files not belonging to the\nuser\nDescription: A deserialization issue existed in Spotlight\u0027s handling\nof permission caches. A user performing a Spotlight query may have\nbeen shown search results referencing files for which they don\u0027t have\nsufficient privileges to read. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2014-8833 : David J Peacock, Independent Technology Consultant\n\nsysmond\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: A type confusion vulnerability existed in sysmond that\nallowed a local application to escalate privileges. The issue was\naddressed with improved type checking. \nCVE-ID\nCVE-2014-8835 : Ian Beer of Google Project Zero\n\nUserAccountUpdater\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Printing-related preference files may contain sensitive\ninformation about PDF documents\nDescription: OS X Yosemite v10.10 addressed an issue in the handling\nof password-protected PDF files created from the Print dialog where\npasswords may have been included in printing preference files. This\nupdate removes such extraneous information that may have been present\nin printing preference files. \nCVE-ID\nCVE-2014-8834 : Apple\n\nNote: OS X Yosemite 10.10.2 includes the security content of Safari\n8.0.3. For further details see https://support.apple.com/kb/HT204243\n\n\nOS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\n\niQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F\nN9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET\nD1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG\nLqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX\nFcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6\n8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/\nqmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW\ngzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V\n0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA\n0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns\nsAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq\nnggZl3Sa+QhfaHSUqSJI\n=uAqk\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 26, 2014\n Bugs: #494816, #519264, #525468\n ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1j *\u003e= 0.9.8z_p2\n \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[ 2 ] CVE-2013-6450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[ 3 ] CVE-2014-3505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[ 4 ] CVE-2014-3506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[ 5 ] CVE-2014-3507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[ 6 ] CVE-2014-3509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[ 7 ] CVE-2014-3510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[ 8 ] CVE-2014-3511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[ 9 ] CVE-2014-3512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nRelease Date: 2015-03-16\nLast Updated: 2015-05-20\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl running OpenSSL. These vulnerabilities include the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101894\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control impacted software components and versions\n\nHP Insight Control 7.2, 7.3 and 7.4\n\n HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2 v7.3.3 and v 7.4.0\n\nHP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and\nv7.3.3 for Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3\nfor Linux\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and\nv7.4.0a for Linux\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve these\nvulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1\nUpdate kit applicable to HP Insight Control 7.2.x installations is available\nat the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPICE\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nHP has addressed these vulnerabilities for the impacted software components\nbundled with HP Insight Control in the following HP Security Bulletins:\n\nHP Insight Control software components\n HP Security Bulletin\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03261\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571454\n\nHP System Management Homepage (SMH)\n HPSBMU03260\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571379\n\nHP Version Control Agent (VCA)\n HPSBMU03262\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571956\n\nVersion Control Repository Manager (VCRM)\n HPSBMU03259\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04570627\n\nHISTORY\nVersion:1 (rev.1) - 16 March 2015 Initial release\nVersion:2 (rev.2) - 14 April 2015 Incorrect version in Resolution\nVersion:3 (rev.3) - 20 May 2015 Updated impacted versions\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2015-0001\nSynopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion\n updates address security issues\nIssue date: 2015-01-27\nUpdated on: 2015-01-27 (Initial Advisory)\nCVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044\n\n --- OPENSSL---\n CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568\n\n --- libxml2 ---\n CVE-2014-3660\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n several security issues. \n \n2. Relevant Releases\n\n VMware Workstation 10.x prior to version 10.0.5\n \n VMware Player 6.x prior to version 6.0.5\n\n VMware Fusion 7.x prior to version 7.0.1\n VMware Fusion 6.x prior to version 6.0.5\n\n vCenter Server 5.5 prior to Update 2d\n\n ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n ESXi 5.1 without patch ESXi510-201404101-SG\n ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n a. VMware ESXi, Workstation, Player, and Fusion host privilege\n escalation vulnerability\n\n VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n file write issue. Exploitation this issue may allow for privilege\n escalation on the host. \n\n The vulnerability does not allow for privilege escalation from \n the guest Operating System to the host or vice-versa. This means\n that host memory can not be manipulated from the Guest Operating\n System. \n\n Mitigation\n \n For ESXi to be affected, permissions must have been added to ESXi\n (or a vCenter Server managing it) for a virtual machine \n administrator role or greater. \n\n VMware would like to thank Shanon Olsson for reporting this issue to\n us through JPCERT. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-8370 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any 6.0.5\n\n ESXi 5.5 ESXi ESXi550-201403102-SG\n ESXi 5.1 ESXi ESXi510-201404101-SG \n ESXi 5.0 ESXi ESXi500-201405101-SG\n\n b. VMware Workstation, Player, and Fusion Denial of Service \n vulnerability\n\n VMware Workstation, Player, and Fusion contain an input validation \n issue in the Host Guest File System (HGFS). This issue may allow\n for a Denial of Service of the Guest Operating system. \n\n VMware would like to thank Peter Kamensky from Digital Security for \n reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1043 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any 7.0.1\n Fusion 6.x any 6.0.5\n\n c. VMware ESXi, Workstation, and Player Denial of Service \n vulnerability\n\n VMware ESXi, Workstation, and Player contain an input\n validation issue in VMware Authorization process (vmware-authd). \n This issue may allow for a Denial of Service of the host. On \n VMware ESXi and on Workstation running on Linux the Denial of\n Service would be partial. \n\n VMware would like to thank Dmitry Yudin @ret5et for reporting\n this issue to us through HP\u0027s Zero Day Initiative. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1044 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any not affected\n\n ESXi 5.5 ESXi ESXi550-201501101-SG\n ESXi 5.1 ESXi ESXi510-201410101-SG\n ESXi 5.0 ESXi not affected\n\n d. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-3513, CVE-2014-3567, \n CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n vCenter Server 5.5 any Update 2d*\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n\n * The VMware vCenter 5.5 SSO component will be \n updated in a later release\n \n e. Update to ESXi libxml2 package\n\n The libxml2 library is updated to version libxml2-2.7.6-17\n to resolve a security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2014-3660 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n \n4. Solution\n\n Please review the patch/release notes for your product and \n version and verify the checksum of your downloaded file. \n\n VMware Workstation 10.x\n -------------------------------- \n https://www.vmware.com/go/downloadworkstation \n\n VMware Player 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n VMware Fusion 7.x and 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n vCenter Server\n ----------------------------\n Downloads and Documentation: \n https://www.vmware.com/go/download-vsphere \n\n ESXi 5.5 Update 2d\n ----------------------------\n File: update-from-esxi5.5-5.5_update01.zip\n md5sum: 5773844efc7d8e43135de46801d6ea25\n sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n http://kb.vmware.com/kb/2065832\n update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n ESXi 5.5\n ----------------------------\n File: ESXi550-201501001.zip\n md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n http://kb.vmware.com/kb/2099265\n ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n ESXi 5.1\n ----------------------------\n File: ESXi510-201404001.zip\n md5sum: 9dc3c9538de4451244a2b62d247e52c4\n sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n http://kb.vmware.com/kb/2070666\n ESXi510-201404001 contains ESXi510-201404101-SG\n\n ESXi 5.0\n ----------------------------\n File: ESXi500-201405001.zip\n md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n http://kb.vmware.com/kb/2075521\n ESXi500-201405001 contains ESXi500-201405101-SG\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2015-01-27 VMSA-2015-0001\n Initial security advisory in conjunction with the release of VMware\n Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n and, ESXi 5.5 Patches released on 2015-01-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n Consolidated list of VMware Security Advisories\n http://kb.vmware.com/kb/2078735\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2015 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.0 (Build 8741)\nCharset: utf-8\n\nwj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE\nc75UD0ctlJx5607JuLfnb6Y=\n=IxpT\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \nCorrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. [CVE-2014-3567]. \n\nThe SSL protocol 3.0, as supported in OpenSSL and other products, supports\nCBC mode encryption where it could not adequately check the integrity of\npadding, because of the use of non-deterministic CBC padding. This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV. Workaround\n\nNo workaround is available. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r273151\nreleng/8.4/ r273416\nstable/9/ r273151\nreleng/9.1/ r273415\nreleng/9.2/ r273415\nreleng/9.3/ r273415\nstable/10/ r273149\nreleng/10.0/ r273415\nreleng/10.1/ r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII", "sources": [ { "db": "NVD", "id": "CVE-2014-3568" }, { "db": "BID", "id": "70585" }, { "db": "VULMON", "id": "CVE-2014-3568" }, { "db": "PACKETSTORM", "id": "128704" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "130132" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "130144" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "128808" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3568", "trust": 2.3 }, { "db": "BID", "id": "70585", "trust": 1.4 }, { "db": "SECTRACK", "id": "1031053", "trust": 1.1 }, { "db": "SECUNIA", "id": "62124", "trust": 1.1 }, { "db": "SECUNIA", "id": "61207", "trust": 1.1 }, { "db": "SECUNIA", "id": "61819", "trust": 1.1 }, { "db": "SECUNIA", "id": "61058", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "59627", "trust": 1.1 }, { "db": "SECUNIA", "id": "61130", "trust": 1.1 }, { "db": "SECUNIA", "id": "62070", "trust": 1.1 }, { "db": "SECUNIA", "id": "62030", "trust": 1.1 }, { "db": "SECUNIA", "id": "61073", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10091", "trust": 1.1 }, { "db": "VULMON", "id": "CVE-2014-3568", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128704", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132467", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130132", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132085", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130144", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133617", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128808", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3568" }, { "db": "BID", "id": "70585" }, { "db": "PACKETSTORM", "id": "128704" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "130132" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "130144" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "NVD", "id": "CVE-2014-3568" } ] }, "id": "VAR-201410-1151", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.395238084 }, "last_update_date": "2024-06-17T11:32:57.198000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: CVE-2014-3568", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3568" }, { "title": "Apple: Xcode 7.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=768a45894d5a25fbf47fbec8f017a52b" }, { "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3" }, { "title": "Amazon Linux AMI: ALAS-2014-427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427" }, { "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc" }, { "title": "VMware Security Advisories: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=6e6083adbf6a5be47af800d437e987a5" }, { "title": "Apple: OS X Yosemite v10.10.2 and Security Update 2015-001", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=64cbe709a7be49c91d8a8b0f43621640" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3568" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3568" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59627" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61058" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61073" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61130" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61207" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61819" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62030" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62070" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62124" }, { "trust": 1.1, "url": "http://support.apple.com/ht204244" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-3053" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/70585" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031053" }, { "trust": 1.1, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091" }, { "trust": 1.1, "url": "https://support.apple.com/ht205217" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/151" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 " }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 " }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792" }, { "trust": 0.3, "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689332" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688762" }, { "trust": 0.3, "url": "http://seclists.org/fulldisclosure/2015/jan/108" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101009000" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-openssl-cve-2014-3568" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3568" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/hpux-cve-2014-3569" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1" }, { "trust": 0.1, "url": "https://technet.microsoft.com/library/security/3009008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4426" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4491" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4488" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4497" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4460" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4461" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4371" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1044" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2078735" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2070666" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8370" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2075521" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2065832" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "https://www.vmware.com/go/downloadplayer" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1043" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "https://www.vmware.com/go/downloadworkstation" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2099265" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vsphere" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3568" }, { "db": "BID", "id": "70585" }, { "db": "PACKETSTORM", "id": "128704" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "130132" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "130144" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "NVD", "id": "CVE-2014-3568" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3568" }, { "db": "BID", "id": "70585" }, { "db": "PACKETSTORM", "id": "128704" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "130132" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "130144" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "NVD", "id": "CVE-2014-3568" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-10-19T00:00:00", "db": "VULMON", "id": "CVE-2014-3568" }, { "date": "2014-10-15T00:00:00", "db": "BID", "id": "70585" }, { "date": "2014-10-17T00:03:05", "db": "PACKETSTORM", "id": "128704" }, { "date": "2015-06-29T15:35:42", "db": "PACKETSTORM", "id": "132467" }, { "date": "2015-01-28T00:36:53", "db": "PACKETSTORM", "id": "130132" }, { "date": "2014-12-26T15:46:37", "db": "PACKETSTORM", "id": "129721" }, { "date": "2015-05-29T23:37:43", "db": "PACKETSTORM", "id": "132085" }, { "date": "2015-01-28T18:22:00", "db": "PACKETSTORM", "id": "130144" }, { "date": "2015-05-29T23:37:11", "db": "PACKETSTORM", "id": "132081" }, { "date": "2015-09-19T15:31:48", "db": "PACKETSTORM", "id": "133617" }, { "date": "2014-10-22T19:54:29", "db": "PACKETSTORM", "id": "128808" }, { "date": "2014-10-19T01:55:13.980000", "db": "NVD", "id": "CVE-2014-3568" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-3568" }, { "date": "2016-09-09T15:00:00", "db": "BID", "id": "70585" }, { "date": "2023-11-07T02:20:13.390000", "db": "NVD", "id": "CVE-2014-3568" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "70585" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL \u0027no-ssl3\u0027 Build Option Security Bypass Vulnerability", "sources": [ { "db": "BID", "id": "70585" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "70585" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.