PublicDateAtUSN: 2014-10-15
Candidate: CVE-2014-3567
PublicDate: 2014-10-19 01:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
 https://www.openssl.org/news/secadv_20141015.txt
 https://ubuntu.com/security/notices/USN-2385-1
Description:
 Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL
 before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote
 attackers to cause a denial of service (memory consumption) via a crafted
 session ticket that triggers an integrity-check failure.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_openssl:
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203 (1.0.1)
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2ed80d14d7159de7b52c7720128459e8c24a94d5 (0.9.8)
upstream_openssl: released (0.9.8zc,1.0.1j)
lucid_openssl: released (0.9.8k-7ubuntu8.22)
precise_openssl: released (1.0.1-4ubuntu5.20)
precise/esm_openssl: released (1.0.1-4ubuntu5.20)
trusty_openssl: released (1.0.1f-1ubuntu2.7)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.7)
utopic_openssl: released (1.0.1f-1ubuntu9)
vivid_openssl: released (1.0.1f-1ubuntu9)
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu9)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu9)
wily_openssl: released (1.0.1f-1ubuntu9)
xenial_openssl: released (1.0.1f-1ubuntu9)
esm-infra/xenial_openssl: released (1.0.1f-1ubuntu9)
yakkety_openssl: released (1.0.1f-1ubuntu9)
zesty_openssl: released (1.0.1f-1ubuntu9)
artful_openssl: released (1.0.1f-1ubuntu9)
bionic_openssl: released (1.0.1f-1ubuntu9)
cosmic_openssl: released (1.0.1f-1ubuntu9)
disco_openssl: released (1.0.1f-1ubuntu9)
devel_openssl: released (1.0.1f-1ubuntu9)

Patches_openssl098:
upstream_openssl098: needs-triage
lucid_openssl098: DNE
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
utopic_openssl098: ignored (reached end-of-life)
vivid_openssl098: ignored (reached end-of-life)
vivid/stable-phone-overlay_openssl098: DNE
vivid/ubuntu-core_openssl098: DNE
wily_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE