ALT-PU-2014-1451-1

Package update openssl10 in branch sisyphus

Version1.0.1g-alt1

Published2014-04-08

Max severityHIGH

Severity:

Closed issues (5)

LOW1.9

Уязвимость программного обеспечения Cisco IPS, позволяющая злоумышленнику получить одноразовый код (nonce) ECDSA

Published: 2016-07-06Modified: 2016-11-28

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N

References

LOW1.9

Уязвимость программного обеспечения Cisco Unified Communications Manager, позволяющая злоумышленнику получить одноразовый код (nonce) ECDSA

Published: 2016-07-06Modified: 2016-11-28

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N

References

MEDIUM5.0

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Published: 2015-04-28Modified: 2026-04-22

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

LOW1.9

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Published: 2014-03-25Modified: 2025-04-12

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N

References

HIGH7.5

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published: 2014-04-07Modified: 2026-04-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References