PublicDateAtUSN: 2015-01-08
Candidate: CVE-2015-0206
PublicDate: 2015-01-09 02:59:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
 https://ubuntu.com/security/notices/USN-2459-1
Description:
 Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL
 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to
 cause a denial of service (memory consumption) by sending many duplicate
 records for the next epoch, leading to failure of replay detection.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Chris Mueller
Assigned-to: mdeslaur
CVSS: 

Patches_openssl:
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=04685bc949e90a877656cf5020b6d4f90a9636a6 (1.0.1)
upstream_openssl: released (1.0.1k)
lucid_openssl: not-affected
precise_openssl: released (1.0.1-4ubuntu5.21)
trusty_openssl: released (1.0.1f-1ubuntu2.8)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.8)
utopic_openssl: released (1.0.1f-1ubuntu9.1)
devel_openssl: released (1.0.1f-1ubuntu10)

Patches_openssl098:
upstream_openssl098: not-affected
lucid_openssl098: DNE
precise_openssl098: not-affected
trusty_openssl098: not-affected
trusty/esm_openssl098: DNE (trusty was not-affected)
utopic_openssl098: not-affected
devel_openssl098: not-affected