CVE-2014-0160 in Ubuntu

CVE-2014-0160

Priority

High

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do
not properly handle Heartbeat Extension packets, which allows remote
attackers to obtain sensitive information from process memory via crafted
packets that trigger a buffer over-read, as demonstrated by reading private
keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/
https://usn.ubuntu.com/usn/usn-2165-1

Assigned-to

mdeslaur

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	released (1.0.1g)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.0.1f-1ubuntu2)

Patches:

Upstream:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 (1.0.1)

More Information

Updated: 2017-12-15 20:33:10 UTC (commit 13913)