Launchpad CVE tracker

CVE 2014-3572

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Related bugs and status

CVE-2014-3572 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/ope...
CONFIRM: https://www.openssl.or...
MANDRIVA: MDVSA-2015:019
BID: 71942
DEBIAN: DSA-3125
SUSE: openSUSE-SU-2015:0130
CISCO: 20150310 Multiple Vuln...
REDHAT: RHSA-2015:0066
SUSE: SUSE-SU-2015:0578
MANDRIVA: MDVSA-2015:062
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
CONFIRM: http://www.oracle.com/...
SUSE: SUSE-SU-2015:0946
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://bto.bluecoat.c...
SUSE: openSUSE-SU-2016:0640
SECTRACK: 1033378
SUSE: openSUSE-SU-2015:1277
CONFIRM: http://kb.juniper.net/...
CONFIRM: https://kc.mcafee.com/...
CONFIRM: https://kc.mcafee.com/...
HP: HPSBUX03244
HP: SSRT101885
HP: HPSBGN03299
HP: HPSBHF03289
HP: SSRT101987
HP: HPSBMU03380
HP: HPSBMU03396
HP: HPSBMU03397
HP: HPSBMU03409
HP: HPSBMU03413
HP: HPSBOV03318
HP: HPSBUX03162
CONFIRM: http://www.oracle.com/...
CONFIRM: https://support.citrix...

Launchpad.net

CVE 2014-3572

Related bugs and status

Related bugs

References