CVE-2014-3507

Published: 7 August 2014

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

Notes

mdeslaur: openssl in lucid doesn't seem vulnerable, as code is different

Priority

Medium

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
artful: Released (1.0.1f-1ubuntu7)
bionic: Released (1.0.1f-1ubuntu7)
cosmic: Released (1.0.1f-1ubuntu7)
disco: Released (1.0.1f-1ubuntu7)
lucid: Not vulnerable
precise: Released (1.0.1-4ubuntu5.17)
trusty: Released (1.0.1f-1ubuntu2.5)
upstream: Released (0.9.8zb, 1.0.1i)
utopic: Released (1.0.1f-1ubuntu7)
vivid: Released (1.0.1f-1ubuntu7)
wily: Released (1.0.1f-1ubuntu7)
xenial: Released (1.0.1f-1ubuntu7)
yakkety: Released (1.0.1f-1ubuntu7)
zesty: Released (1.0.1f-1ubuntu7)
Patches:
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=9871417fb74dca48ea1dc85ae666a6529d113ff8
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=099ccdb8084aff60efad0c91185cb465f9123859
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0c37aed3f327782645d68964cd7a714df6b8880d
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4e0fbdc4ecc81c99cd9e63f907039b4b323e642b
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=445598b35e16090b676bb168807da06518658b34
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fc15c440498f815e384f496c5913fe1db9f69a28
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6e14e7fc19ab8c16ec7e7cb69404b96cf591a575
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4c836c96c4ec507040ed9149acacddc40399155d
openssl098
Launchpad, Ubuntu, Debian
artful: Does not exist
bionic: Does not exist
cosmic: Does not exist
disco: Does not exist
lucid: Does not exist
precise: Ignored (end of life)
trusty: Does not exist (trusty was needed)
upstream: Released (0.9.8zb)
utopic: Ignored (end of life)
vivid: Ignored (end of life)
wily: Does not exist
xenial: Does not exist
yakkety: Does not exist
zesty: Does not exist