OpenSSL Security Advisory
Aug 6 2014 - "Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from the
stack. Applications may be affected if they echo pretty printing output to the
attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
OpenSSL 0.9.8 users should upgrade to 0.9.8zb
OpenSSL 1.0.0 users should upgrade to 1.0.0n.
OpenSSL 1.0.1 users should upgrade to 1.0.1i.
... The issue affects OpenSSL clients and allows a malicious server to crash
the client with a null pointer dereference (read) by specifying an SRP
ciphersuite even though it was not properly negotiated with the client. This can
be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i ..."
CVE Reference: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
Aug 7 2014
Impact: Denial of service via network, Disclosure of system information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 0.9.8zb, 1.0.0n, 1.0.1i ...
Edited by AplusWebMaster, 07 August 2014 - 07:35 PM.