openssl

• Author: kikadf
• Vulnerable: 1.0.1-5arcturus5
• Unaffected: 1.0.1-5arcturus6

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139