RHSA-2015:0066MediumCVSS 5.3
Red Hat Security Advisory: openssl security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2014-3570 — openssl: Bignum squaring may produce incorrect results CVE-2014-3571 — openssl: DTLS segmentation fault in dtls1_get_record CVE-2014-3572 — openssl: ECDH downgrade bug fix CVE-2014-8275 — openssl: Fix various certificate fingerprint issues CVE-2015-0204 — openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) CVE-2015-0205 — openssl: DH client certificates accepted without verification CVE-2015-0206 — openssl: DTLS memory leak in dtls1_buffer_record
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2015:0066
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://www.openssl.org/news/secadv_20150108.txt
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180184
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180185
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180187
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180234
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180235
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180239
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1180240
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0066.json