var-201401-0254
Vulnerability from variot

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. OpenSSL is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL versions 0.9.8y, and 1.0.0 through 1.0.1e are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239372 Version: 4

HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-04-13 Last Updated: 2014-05-13

Potential Security Impact: Remote disclosure of information, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information.

References:

CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH):

Product version/Platform Download Location

SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52

SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37

SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a

SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76

SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178

SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37

Notes

SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g

Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability.

Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset.

Frequently Asked Questions

Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents.

What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions

v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2

v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2

v7.2.1 v7.2u1

v7.3.2 v7.2.3 v7.3.2

v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2

v7.3.0 v7.3.0

v7.3.2 not supported v7.3.2

v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2

How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers.

HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-2079-1 January 09, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2013-4353)

Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. (CVE-2013-6449)

Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. (CVE-2013-6450)

This update also disables the default use of the RdRand feature of certain Intel CPUs as the sole source of entropy.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.1

Ubuntu 13.04: libssl1.0.0 1.0.1c-4ubuntu8.2

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.11

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2079-1 CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-14:03.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-01-14 Affects: FreeBSD 10.0 prior to 10.0-RC5 Corrected: 2014-01-07 20:04:41 UTC (stable/10, 10.0-PRERELEASE) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC5) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC1-p1) CVE Name: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. [CVE-2013-4353]

A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. [CVE-2013-6450]

A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. [CVE-2013-6449]

III.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch.asc

gpg --verify openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision


stable/10/ r260404 releng/10.0/ r260405


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39


                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39


Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] openssl (SSA:2014-013-02)

New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 ( Security fix ) patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: f059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz 46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz 55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz 5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz b6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz 5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz d4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 1bb0907950c9f573899db21db15eb2b7 openssl-1.0.1f-i486-1_slack14.0.txz 677d7a6f86c4ae1ba507de9e9efba2f0 openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: e006bdbf032de2a5b6b6a3304e96473f openssl-1.0.1f-x86_64-1_slack14.0.txz 56958f463cc6e78451c9096a266d9085 openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Slackware 14.1 packages: e0c4e52c930fb32aa4ddf23079ac1e42 openssl-1.0.1f-i486-1_slack14.1.txz 3e51d8f2c1a9b763f037aa8dd51ad548 openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 2f18bac7c335eab1251decd15d8fce4c openssl-1.0.1f-x86_64-1_slack14.1.txz a61b7c01a06974b55a692c7359d16183 openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Slackware -current packages: c07a84c4dc4dd27cc0c452fb650f2b5b a/openssl-solibs-1.0.1f-i486-1.txz 454153984c2d8bb76ff631416cc3550a n/openssl-1.0.1f-i486-1.txz

Slackware x86_64 -current packages: 9bef5de5f7d04d5c4fdd5ad62801472e a/openssl-solibs-1.0.1f-x86_64-1.txz 6523e9d4befa8e1531ffd5a9377c897b n/openssl-1.0.1f-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-5.

We recommend that you upgrade your openssl packages.

The updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450


Updated Packages:

Mandriva Business Server 1/X86_64: 0a21492e02429e199dfc88e8d502de88 mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm 13eaad31a74bb167ce0d661eb25b5ca1 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.1.mbs1.x86_64.rpm fca41114d79983a4d7600ba9a97cea3f mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm acaf2f9638cf2bafeeb3a0aebc173e85 mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.1.mbs1.x86_64.rpm 8d7142a0c95315a29de750e2e29f2174 mbs1/x86_64/openssl-1.0.0k-1.1.mbs1.x86_64.rpm 35c5ec534b80c03ae237526e75c52c18 mbs1/SRPMS/openssl-1.0.0k-1.1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "cms r16 r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-21"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "flex system common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli storage productivity center fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.14"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "puppet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.2"
      },
      {
        "model": "cms r16.3 r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56009.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.11"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "systems director common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.185"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "flex system platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560010.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.18"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.17"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.4"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.4"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.3"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "cms r17 r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.15"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.170"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "sheep fencing llc pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "electric",
        "version": "2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.10"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.21"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.23"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-20"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76009.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "smart analytics system for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10509.7"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "sheep fencing llc pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "electric",
        "version": "2.1.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.4"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "systems director platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.178"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.13"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.145"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57109.7"
      },
      {
        "model": "tivoli storage productivity center fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.10"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.22"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.143"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.13"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "systems director platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.14"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cms r16 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.04"
      },
      {
        "model": "smart analytics system for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20509.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6450",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-001",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. OpenSSL is prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSL versions 0.9.8y, and 1.0.0 through 1.0.1e are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04239372\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04239372\nVersion: 4\n\nHPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on\nLinux and Windows, Remote Disclosure of Information, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-13\nLast Updated: 2014-05-13\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS). Also\nincluded is the OpenSSL vulnerability known as \"Heartbleed\" which could be\nexploited remotely resulting in disclosure of information. \n\nReferences:\n\nCVE-2014-0160 (SSRT101501) Disclosure of Information - \"Heartbleed\"\nCVE-2013-4353 Denial of Service (DoS)\nCVE-2013-6449 Denial of Service (DoS)\nCVE-2013-6450 Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\nv7.3.1 for Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4353    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6449    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6450    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH):\n\nProduct version/Platform\n Download Location\n\nSMH 7.2.3 Windows x86\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n\nSMH 7.2.3 Windows x64\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n\nSMH 7.3.2.1(B) Windows x86\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n\nSMH 7.3.2.1(B) Windows x64\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n\nSMH 7.3.2 Linux x86\n http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178\n\nSMH 7.3.2 Linux x64\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n\nNotes\n\nSMH 7.2.3 recommended for customers running Windows 2003 OS\nUpdated OpenSSL to version 1.0.1g\n\nNote: If you believe your SMH installation was exploited while it was running\ncomponents vulnerable to heartbleed, there are some steps to perform after\nyouve upgraded to the non-vulnerable components. These steps include\nrevoking, recreating, and re-importing certificates and resetting passwords\nthat might have been harvested by a malicious attacker using the heartbleed\nvulnerability. \n\nImpact on VCA - VCRM communication: VCA configures VCRM by importing the SMH\ncertificate from the SMH of VCA into the SMH of VCRM. When this certificate\nis deleted \u0026 regenerated (as suggested before), it needs to be (re)imported\nif the user wants to continue with Trust by Certificate option, and the\noutdated certificate should be revoked (deleted) from each location where it\nwas previously imported. \nIf you use HPSIMs 2-way trust feature, and have imported SMH certificates\ninto HPSIM, you will also need to revoke those SMH certificated from HPSIM\nand reimport the newly created SMH certificates. \nThough SMH uses OS credentials using OS-based APIs, user provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. If you suspect your systems using SMH were exploited while they\nwere vulnerable to heartbleed, these passwords need to be reset. \n\nFrequently Asked Questions\n\nWill updated systems require a reboot after applying the SMH patch?\nNo, reboot of the system will not be required. Installing the new build is\nsufficient to get back to the normal state. \nIs a Firmware Update necessary in addition to the SMH patch?\nNo, only the SMH update is sufficient to remove the heartbleed-vulnerable\nversion of SMH. \nWill new certificates be issued along with the patch, or need to be handled\nseparately?\nIf you suspect the certificate has been compromised due to this\nvulnerability, we do recommend to delete and revoke the certificate, or SMH\nwill reuse the existing certificate. New certificate will be created when SMH\nservice starts (at the end of the fresh / upgrade installation). Instructions\non deleting the certificate are in the notes above. \nWhere can I get SMH documentation?\nAll major documents are available at:\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library\nSelect HP Insight Management under Product and Solutions \u0026 check HP System\nManagement Homepage to get SMH related documents. \n\nWhat are the recommended upgrade paths?\nSee the table below:\nSMH\n DVD\n SPP\n Recommended SMH update for Linux\n Recommended SMH update for Windows 2003 and Widows 2003 R2\n Recommended SMH update for other Windows OS versions\n\nv7.1.2\n v7.1.2\n 2012.10.0\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.0\n v7.2.0\n 2013.02.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.1\n v7.2u1\n\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.2\n v7.2u2\n 2013.09.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.3.0\n v7.3.0\n\n v7.3.2\n not supported\n v7.3.2\n\nv7.3.1\n v7.3.1\n 2014.02.0\n v7.3.2\n not supported\n v7.3.2\n\nHow can I verify whether my setup is patched successfully?\nSMH version can be verified by executing following command on:\nWindows: hp\\hpsmh\\bin\\smhlogreader version\nLinux: /opt/hp/hpsmh/bin/smhlogreader version\nWill VCA-VCRM communication be impacted due to the SMH certificate being\ndeleted?\nVCA configures VCRM by importing the SMH certificate (sslshare\\cert.pem) from\nthe SMH of VCA to the SMH of VCRM. When this certificate is deleted \u0026\nregenerated (as suggested before), it needs to be (re)imported if user wants\nto continue with Trust by Certificate option, and remove the old, previously\nimported certificate. \nShould I reset password on all managed nodes, where SMH was/is running?\nThough SMH uses OS credentials using OS based APIs, user-provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. Passwords need to be reset if you suspect the vulnerable version of\nSMH was exploited by malicious users/ hackers. \n\nHISTORY\nVersion:1 (rev.1) - 13 April 2014 Initial release\nVersion:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released\nVersion:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released\nVersion:4 (rev.4) - 13 May 2014 Added additional remediation steps for post\nupdate installation\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd\nfm4AoKM1d7+F05Xo87Bicnmh0OHidg/O\n=bK11\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-2079-1\nJanuary 09, 2014\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2013-4353)\n\nRon Barber discovered that OpenSSL used an incorrect data structure to\nobtain a version number. (CVE-2013-6449)\n\nDmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS\nretransmissions. (CVE-2013-6450)\n\nThis update also disables the default use of the RdRand feature of certain\nIntel CPUs as the sole source of entropy. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.1\n\nUbuntu 13.04:\n  libssl1.0.0                     1.0.1c-4ubuntu8.2\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.11\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2079-1\n  CVE-2013-4353, CVE-2013-6449, CVE-2013-6450\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:03.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-01-14\nAffects:        FreeBSD 10.0 prior to 10.0-RC5\nCorrected:      2014-01-07 20:04:41 UTC (stable/10, 10.0-PRERELEASE)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC5)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC4-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC3-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC2-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC1-p1)\nCVE Name:       CVE-2013-4353, CVE-2013-6449, CVE-2013-6450\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA carefully crafted invalid TLS handshake could crash OpenSSL with a NULL\npointer exception. [CVE-2013-4353]\n\nA flaw in DTLS handling can cause an application using OpenSSL and DTLS to\ncrash. [CVE-2013-6450]\n\nA flaw in OpenSSL can cause an application using OpenSSL to crash when using\nTLS version 1.2. [CVE-2013-6449]\n\nIII. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch.asc\n# gpg --verify openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r260404\nreleng/10.0/                                                      r260405\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1j              *\u003e= 0.9.8z_p2\n                                                            \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  openssl (SSA:2014-013-02)\n\nNew openssl packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1f-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issues:\n    Fix for TLS record tampering bug CVE-2013-4353\n    Fix for TLS version checking bug CVE-2013-6449\n    Fix for DTLS retransmission bug CVE-2013-6450\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\nf059432e11a6b17643e7b8f1d78c5ce3  openssl-0.9.8y-i486-1_slack13.0.txz\n46c623b2e58053d308b3d9eb735be26b  openssl-solibs-0.9.8y-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n4fb6f07f85ec4ea26cc67d8b1c037fa9  openssl-0.9.8y-x86_64-1_slack13.0.txz\n55bafd74f182806b1dcd076f31683743  openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9713a64881622c63d0756ec9a5914980  openssl-0.9.8y-i486-1_slack13.1.txz\n5d8e3984389bd080bc37b9d1276c7a7d  openssl-solibs-0.9.8y-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n821c76387f3ffa388af9e5bf81185758  openssl-0.9.8y-x86_64-1_slack13.1.txz\nb6d525a53b4cda641166f19ee70a9650  openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5195be05b85f5eb2bd4bf9ebf0a73ff9  openssl-0.9.8y-i486-1_slack13.37.txz\n5248a839148fa91de52361335dc051f5  openssl-solibs-0.9.8y-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n15e13676d0def5f0dac1e7a4704e0016  openssl-0.9.8y-x86_64-1_slack13.37.txz\nd4e5bd308d2e918c6bd7616343370c49  openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n1bb0907950c9f573899db21db15eb2b7  openssl-1.0.1f-i486-1_slack14.0.txz\n677d7a6f86c4ae1ba507de9e9efba2f0  openssl-solibs-1.0.1f-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne006bdbf032de2a5b6b6a3304e96473f  openssl-1.0.1f-x86_64-1_slack14.0.txz\n56958f463cc6e78451c9096a266d9085  openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\ne0c4e52c930fb32aa4ddf23079ac1e42  openssl-1.0.1f-i486-1_slack14.1.txz\n3e51d8f2c1a9b763f037aa8dd51ad548  openssl-solibs-1.0.1f-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n2f18bac7c335eab1251decd15d8fce4c  openssl-1.0.1f-x86_64-1_slack14.1.txz\na61b7c01a06974b55a692c7359d16183  openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\nc07a84c4dc4dd27cc0c452fb650f2b5b  a/openssl-solibs-1.0.1f-i486-1.txz\n454153984c2d8bb76ff631416cc3550a  n/openssl-1.0.1f-i486-1.txz\n\nSlackware x86_64 -current packages:\n9bef5de5f7d04d5c4fdd5ad62801472e  a/openssl-solibs-1.0.1f-x86_64-1.txz\n6523e9d4befa8e1531ffd5a9377c897b  n/openssl-1.0.1f-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1e-5. \n\nWe recommend that you upgrade your openssl packages. \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 0a21492e02429e199dfc88e8d502de88  mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm\n 13eaad31a74bb167ce0d661eb25b5ca1  mbs1/x86_64/lib64openssl-devel-1.0.0k-1.1.mbs1.x86_64.rpm\n fca41114d79983a4d7600ba9a97cea3f  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm\n acaf2f9638cf2bafeeb3a0aebc173e85  mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.1.mbs1.x86_64.rpm\n 8d7142a0c95315a29de750e2e29f2174  mbs1/x86_64/openssl-1.0.0k-1.1.mbs1.x86_64.rpm \n 35c5ec534b80c03ae237526e75c52c18  mbs1/SRPMS/openssl-1.0.0k-1.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      },
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "64618",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1031594",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1029549",
        "trust": 1.0
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "126457",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124734",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124794",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124640",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "id": "VAR-201401-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T22:18:17.213000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1f",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47334"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2079-1"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.0,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0015.html"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2014/dsa-2833"
      },
      {
        "trust": 1.0,
        "url": "http://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/64618"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1029549"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1031594"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.0,
        "url": "https://puppet.com/security/cve/cve-2013-6450"
      },
      {
        "trust": 1.0,
        "url": "https://security-tracker.debian.org/tracker/cve-2013-6450"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4353"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:03/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6449\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4353\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6450\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:03.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:03/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4353"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=openssl-announce\u0026m=138747119822324\u0026w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64618"
      },
      {
        "date": "2014-05-03T02:16:52",
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "date": "2014-05-13T18:24:00",
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "date": "2014-01-10T02:26:27",
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "date": "2014-01-15T18:02:22",
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2014-01-14T22:22:00",
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "date": "2014-01-03T14:07:58",
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "date": "2014-01-18T03:07:40",
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "date": "2014-01-01T16:05:15.017000",
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T19:46:00",
        "db": "BID",
        "id": "64618"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "date": "2023-11-07T02:17:12.327000",
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.