The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Multiple vulnerabilities in OpenSSL

Ritwik Ghoshal
Senior Principal Security Analyst

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2014-3513 | Denial of Service (DoS) vulnerability | 5.0 | OpenSSL |
| CVE-2014-3566 | Cryptographic Issues vulnerability | 4.3 | OpenSSL |
| CVE-2014-3567 | Denial of Service (DoS) vulnerability | 4.3 | OpenSSL |
| CVE-2014-3568 | Cryptographic Issues vulnerability | 2.6 | OpenSSL |

Product and Resolution:
Solaris 11.2
Solaris 10: SPARC: 148071-15, 150383-06; X86: 148072-15

Note: This patch/SRU adds TLS_FALLBACK_SCSV support in OpenSSL.

Note: Solaris 10 is not affected by CVE-2014-3513.

Note: To address CVE-2014-3566, applications using OpenSSL in Solaris for secure communications must disable SSLv3.

Note: SPARC: 150383-06 delivers the fix for WAN Boot.

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.
