Changes between Version 1 and Version 2 of VulnerabilitiesFixedInOpenSSL1.0.1j


Ignore:
Timestamp:
10/21/14 07:25:00 (4 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • VulnerabilitiesFixedInOpenSSL1.0.1j

    v1 v2  
    66
    77||'''Vulnerability name'''||'''ID'''||'''Affects OpenVPN?'''||'''Mitigation'''||
    8 ||SRTP Memory Leak||CVE-2014-3513||Denial-of-service only||Use of TLS auth prevents exploitation||
    9 ||Session Ticket Memory Leak||CVE-2014-3567||Denial-of-service only||Use of TLS auth prevents exploitation||
     8||SRTP Memory Leak||CVE-2014-3513||Denial-of-service only||TLS auth can[1] protect against this vulnerability||
     9||Session Ticket Memory Leak||CVE-2014-3567||Denial-of-service only||TLS auth can[1] protect against this vulnerability||
    1010||SSL 3.0 Fallback protection||CVE-2014-3568||No SSLv3 in OpenVPN, not affected||
    1111||Build option no-ssl3 is incomplete||-||No SSLv3 in OpenVPN, not affected||
     
    1313Analysis of the impact of these vulnerabilities is taken from [http://thread.gmane.org/gmane.network.openvpn.devel/9133/focus=9139 here].
    1414
     15[1] The amount of protection is limited in environments where the TLS auth key is widely distributed (large organizations) or public (VPN service providers).