ALT-BU-2014-2694-1
Branch sisyphus update bulletin.
Package ImageMagick updated to version 6.8.8.10-alt1 for branch sisyphus in task 117490.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-1958
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html
- http://trac.imagemagick.org/changeset/14801
- http://ubuntu.com/usn/usn-2132-1
- http://www.openwall.com/lists/oss-security/2014/02/13/2
- http://www.openwall.com/lists/oss-security/2014/02/13/5
- https://www.openwall.com/lists/oss-security/2014/02/19/13
Closed bugs
without lcms2
Closed vulnerabilities
BDU:2015-00130
Vulnerability in Cisco IPS software that allows an attacker to obtain an ECDSA nonce
BDU:2015-00131
Vulnerability in Cisco Unified Communications Manager software that allows an attacker to obtain an ECDSA nonce
BDU:2015-09760
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality of protected information
Modified: 2024-11-21
CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
- http://advisories.mageia.org/MGASA-2014-0165.html
- http://eprint.iacr.org/2014/140
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:0480
- HPSBUX03046
- SSRT101590
- HPSBOV03047
- HPSBMU03057
- HPSBMU03056
- HPSBMU03051
- HPSBGN03050
- HPSBMU03074
- HPSBMU03062
- HPSBMU03076
- 58492
- 58727
- 58939
- 59040
- 59162
- 59175
- 59264
- 59300
- 59364
- 59374
- 59413
- 59438
- 59445
- 59450
- 59454
- 59490
- 59495
- 59514
- 59655
- 59721
- 60571
- http://support.apple.com/kb/HT6443
- 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- MDVSA-2014:067
- MDVSA-2015:062
- http://www.novell.com/support/kb/doc.php?id=7015264
- http://www.novell.com/support/kb/doc.php?id=7015300
- http://www.openssl.org/news/secadv_20140605.txt
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 66363
- USN-2165-1
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- http://www-01.ibm.com/support/docview.wss?uid=swg21676424
- http://www-01.ibm.com/support/docview.wss?uid=swg21676501
- http://www-01.ibm.com/support/docview.wss?uid=swg21676655
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- https://bugs.gentoo.org/show_bug.cgi?id=505278
- https://bugzilla.novell.com/show_bug.cgi?id=869945
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
Modified: 2025-04-03
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
- http://advisories.mageia.org/MGASA-2014-0165.html
- http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
- http://cogentdatahub.com/ReleaseNotes.html
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
- http://heartbleed.com/
- FEDORA-2014-4879
- FEDORA-2014-4910
- FEDORA-2014-9308
- openSUSE-SU-2014:0492
- SUSE-SA:2014:002
- openSUSE-SU-2014:0560
- HPSBMU02995
- HPSBMU02994
- HPSBMU02998
- HPSBMU02997
- HPSBST03001
- HPSBMU02999
- HPSBGN03008
- HPSBGN03010
- HPSBMU03012
- HPSBMU03019
- HPSBMU03017
- HPSBMU03018
- HPSBST03015
- HPSBMU03013
- HPSBGN03011
- HPSBHF03021
- HPSBPI03014
- HPSBMU03020
- HPSBST03016
- HPSBMU03023
- HPSBMU03025
- HPSBMU03022
- HPSBMU03024
- HPSBPI03031
- HPSBMU03029
- HPSBMU03028
- HPSBMU03033
- HPSBMU03030
- HPSBMU03032
- HPSBMU03009
- HPSBST03004
- HPSBST03027
- HPSBMU03040
- HPSBMU03044
- HPSBMU03037
- HPSBMU03062
- HPSBHF03136
- HPSBHF03293
- SSRT101846
- http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
- http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
- RHSA-2014:0376
- RHSA-2014:0377
- RHSA-2014:0378
- RHSA-2014:0396
- 20140409 Re: heartbleed OpenSSL bug CVE-2014-0160
- 20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL
- 20140412 Re: heartbleed OpenSSL bug CVE-2014-0160
- 20140408 heartbleed OpenSSL bug CVE-2014-0160
- 20140408 Re: heartbleed OpenSSL bug CVE-2014-0160
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 57347
- 57483
- 57721
- 57836
- 57966
- 57968
- 59139
- 59243
- 59347
- http://support.citrix.com/article/CTX140605
- 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
- http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
- http://www.blackberry.com/btsc/KB35882
- DSA-2896
- 32745
- 32764
- http://www.f-secure.com/en/web/labs_global/fsc-2014-1
- http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
- http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
- http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
- VU#720951
- http://www.kerio.com/support/kerio-control/release-history
- MDVSA-2015:062
- http://www.openssl.org/news/secadv_20140407.txt
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
- 66690
- 1030026
- 1030074
- 1030077
- 1030078
- 1030079
- 1030080
- 1030081
- 1030082
- http://www.splunk.com/view/SP-CAAAMB3
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
- USN-2165-1
- TA14-098A
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
- http://www-01.ibm.com/support/docview.wss?uid=swg21670161
- https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
- https://bugzilla.redhat.com/show_bug.cgi?id=1084875
- https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
- https://code.google.com/p/mod-spdy/issues/detail?id=85
- https://filezilla-project.org/versions.php?type=server
- https://gist.github.com/chapmajs/10473815
- HPSBST03000
- [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
- [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
- [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/
- [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
- [syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released
- https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
- https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
- https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
- https://www.cert.fi/en/reports/2014/vulnerability788210.html
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
- https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd