Changes between Version 1 and Version 2 of VulnerabilitiesFixedInOpenSSL1.0.1j
- Timestamp:
- 10/21/14 07:25:00 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
VulnerabilitiesFixedInOpenSSL1.0.1j
v1 v2 6 6 7 7 ||'''Vulnerability name'''||'''ID'''||'''Affects OpenVPN?'''||'''Mitigation'''|| 8 ||SRTP Memory Leak||CVE-2014-3513||Denial-of-service only|| Use of TLS auth prevents exploitation||9 ||Session Ticket Memory Leak||CVE-2014-3567||Denial-of-service only|| Use of TLS auth prevents exploitation||8 ||SRTP Memory Leak||CVE-2014-3513||Denial-of-service only||TLS auth can[1] protect against this vulnerability|| 9 ||Session Ticket Memory Leak||CVE-2014-3567||Denial-of-service only||TLS auth can[1] protect against this vulnerability|| 10 10 ||SSL 3.0 Fallback protection||CVE-2014-3568||No SSLv3 in OpenVPN, not affected|| 11 11 ||Build option no-ssl3 is incomplete||-||No SSLv3 in OpenVPN, not affected|| … … 13 13 Analysis of the impact of these vulnerabilities is taken from [http://thread.gmane.org/gmane.network.openvpn.devel/9133/focus=9139 here]. 14 14 15 [1] The amount of protection is limited in environments where the TLS auth key is widely distributed (large organizations) or public (VPN service providers).