OpenSSL Multiple Vulnerabilities (20140806 - 1) - Linux

OpenSSL is prone to multiple vulnerabilities.

The following flaws exist: - CVE-2014-3508: A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. - CVE-2014-3505: A Double Free was found when processing DTLS packets. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This could lead to a Denial of Service attack. - CVE-2014-3506: A DTLS flaw leading to memory exhaustion was found. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. - CVE-2014-3507: A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. - CVE-2014-3510: A flaw in handling DTLS anonymous EC(DH) ciphersuites was found. OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL version 0.9.8 through 0.9.8za, 1.0.0 through 1.0.0m and 1.0.1 through 1.0.1h.

Checks if a vulnerable version is present on the target host.

Update to version 0.9.8zb, 1.0.0n, 1.0.1i or later.