openssl

• Author: kikadf
• Vulnerable: 1.0.1-5arcturus4
• Unaffected: 1.0.1-5arcturus5

Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. Kikuchi Masashi discovered that OpenSSL incorrectly handled certain handshakes. Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470