You are here
OpenSSL Vulnerabilities related to Version 1.0.1i
Submitted on 8. August 2014 - 21:17 by rischi.
Last update on 13. March 2017 - 8:31.
Last update on 13. March 2017 - 8:31.
IDs:
CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509, CVE-2014-5139, CVE-2014-3508
Keywords:
openssl
Description:
OpenSSL released a new version 1.0.1i. The update fixes several security issues. Airlock may be affected by two issues (CVE-2014-3511, CVE-2014-3509). The other 7 issues are related to the DTLS protocol or to the cipher suites SRP and aECDH which are by default not used by Airlock. We rate the criticality of the issues as moderate.
Resolution:
We recommend to update OpenSSL to version 1.0.1i with hotfix HF4226 for Airlock 4.2.6.x and HF5005 for Airlock 5.0, respectively. The hotfixes will be available within the next few days.
Component:
Airlock
Airlock Vulnerability Status:
Airlock vulnerable, see resolution
Back-end Vulnerability Status:
Does not affect back-end behind Airlock
Reference: