ID

VAR-201401-0254


CVE

CVE-2013-6450


TITLE

OpenSSL of DTLS Vulnerability that triggers the use of different contexts in the implementation of retransmissions

Trust: 0.8

sources: JVNDB: JVNDB-2013-005745

DESCRIPTION

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. OpenSSL is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL versions 0.9.8y, and 1.0.0 through 1.0.1e are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239372 Version: 4 HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-13 Last Updated: 2014-05-13 Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. References: CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH): Product version/Platform Download Location SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76 SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178 SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Notes SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability. Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset. Frequently Asked Questions Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents. What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2 v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2 v7.2.1 v7.2u1 v7.3.2 v7.2.3 v7.3.2 v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2 v7.3.0 v7.3.0 v7.3.2 not supported v7.3.2 v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2 How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers. HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-2079-1 January 09, 2014 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. (CVE-2013-4353) Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. (CVE-2013-6449) Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. (CVE-2013-6450) This update also disables the default use of the RdRand feature of certain Intel CPUs as the sole source of entropy. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.1 Ubuntu 13.04: libssl1.0.0 1.0.1c-4ubuntu8.2 Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.6 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.11 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL 1.0.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j" All OpenSSL 0.9.8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages. References ========== [ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-39.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 (* Security fix *) patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 packages: f059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz 46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: 4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz 55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz Slackware 13.1 packages: 9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz 5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: 821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz b6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz Slackware 13.37 packages: 5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz 5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz Slackware x86_64 13.37 packages: 15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz d4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz Slackware 14.0 packages: 1bb0907950c9f573899db21db15eb2b7 openssl-1.0.1f-i486-1_slack14.0.txz 677d7a6f86c4ae1ba507de9e9efba2f0 openssl-solibs-1.0.1f-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: e006bdbf032de2a5b6b6a3304e96473f openssl-1.0.1f-x86_64-1_slack14.0.txz 56958f463cc6e78451c9096a266d9085 openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz Slackware 14.1 packages: e0c4e52c930fb32aa4ddf23079ac1e42 openssl-1.0.1f-i486-1_slack14.1.txz 3e51d8f2c1a9b763f037aa8dd51ad548 openssl-solibs-1.0.1f-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: 2f18bac7c335eab1251decd15d8fce4c openssl-1.0.1f-x86_64-1_slack14.1.txz a61b7c01a06974b55a692c7359d16183 openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz Slackware -current packages: c07a84c4dc4dd27cc0c452fb650f2b5b a/openssl-solibs-1.0.1f-i486-1.txz 454153984c2d8bb76ff631416cc3550a n/openssl-1.0.1f-i486-1.txz Slackware x86_64 -current packages: 9bef5de5f7d04d5c4fdd5ad62801472e a/openssl-solibs-1.0.1f-x86_64-1.txz 6523e9d4befa8e1531ffd5a9377c897b n/openssl-1.0.1f-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u1. For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0015-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0015.html Issue date: 2014-01-08 CVE Names: CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 ===================================================================== 1. Summary: Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1045363 - CVE-2013-6449 openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm 1047840 - CVE-2013-6450 openssl: crash in DTLS renegotiation after packet loss 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm openssl-perl-1.0.1e-16.el6_5.4.i686.rpm openssl-static-1.0.1e-16.el6_5.4.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-static-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm x86_64: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-static-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm ppc64: openssl-1.0.1e-16.el6_5.4.ppc.rpm openssl-1.0.1e-16.el6_5.4.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.4.ppc.rpm openssl-devel-1.0.1e-16.el6_5.4.ppc64.rpm s390x: openssl-1.0.1e-16.el6_5.4.s390.rpm openssl-1.0.1e-16.el6_5.4.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.s390x.rpm openssl-devel-1.0.1e-16.el6_5.4.s390.rpm openssl-devel-1.0.1e-16.el6_5.4.s390x.rpm x86_64: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-perl-1.0.1e-16.el6_5.4.i686.rpm openssl-static-1.0.1e-16.el6_5.4.i686.rpm ppc64: openssl-debuginfo-1.0.1e-16.el6_5.4.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.4.ppc64.rpm openssl-static-1.0.1e-16.el6_5.4.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-16.el6_5.4.s390x.rpm openssl-perl-1.0.1e-16.el6_5.4.s390x.rpm openssl-static-1.0.1e-16.el6_5.4.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-static-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.4.i686.rpm openssl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.4.i686.rpm openssl-devel-1.0.1e-16.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.4.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.4.i686.rpm openssl-perl-1.0.1e-16.el6_5.4.i686.rpm openssl-static-1.0.1e-16.el6_5.4.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.4.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.4.x86_64.rpm openssl-static-1.0.1e-16.el6_5.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2013-6449.html https://www.redhat.com/security/data/cve/CVE-2013-6450.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSzZgHXlSAg2UNWIIRAofWAJ0UK4cssiN2fV0WOt0Ui+wDi/A1BwCfUSDk njgv4mXCZgK/Bf84S2BcZl8= =j7J/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.52

sources: NVD: CVE-2013-6450 // JVNDB: JVNDB-2013-005745 // BID: 64618 // PACKETSTORM: 126605 // PACKETSTORM: 124734 // PACKETSTORM: 126209 // PACKETSTORM: 129721 // PACKETSTORM: 124782 // PACKETSTORM: 124640 // PACKETSTORM: 124716

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0e

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.1a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8y

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.x to 1.0.1e

Trust: 0.8

vendor:oraclemodel:integrated lights out managerscope:ltversion:3.2.4

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.63

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.71

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.0

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.1

Trust: 0.8

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.2.10

Trust: 0.3

vendor:avayamodel:cms r16 r5scope: - version: -

Trust: 0.3

vendor:ibmmodel:virtual i/o serverscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.6.1

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5

Trust: 0.3

vendor:ibmmodel:virtual i/o serverscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.0.0

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.21-21

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:13.10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:freebsdmodel:10.0-betascope: - version: -

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.0.4

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.1

Trust: 0.3

vendor:ibmmodel:flex system common agentscope:eqversion:1.3.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:solarisscope:neversion:11.1.20.5.0

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.01

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.6.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.3.2

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.1

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity center fix packscope:eqversion:4.2.14

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2143

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:neversion:3.1.2

Trust: 0.3

vendor:avayamodel:cms r16.3 r7scope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1escope: - version: -

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.28

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.21

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.2.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.18

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56009.7

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.18

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.11

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:systems director common agentscope:eqversion:6.3.4

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0.4

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.25

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.24

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77109.7

Trust: 0.3

vendor:ibmmodel:systems director common agentscope:eqversion:6.3.2

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c3000scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:avayamodel:aura collaboration environmentscope:eqversion:2.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.1.2

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.1.185

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0.8

Trust: 0.3

vendor:ibmmodel:flex system platform agentscope:eqversion:1.3.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.1.1

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:3.0.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.0

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:3.1.1

Trust: 0.3

vendor:ibmmodel:virtual i/o serverscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:560010.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.18

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.4.3.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.23

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.17

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.11

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:12.10

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:3.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.4

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77009.7

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.12

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:neversion:v70001.4.33

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.26

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.1.4

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp3scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.1.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp8scope:eqversion:4.0.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.2

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.8.3

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.11

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.02

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.1.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:cms r17 r4scope:neversion: -

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp10scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.07

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.2.2

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0.9

Trust: 0.3

vendor:avayamodel:cms r16scope: - version: -

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.3

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.15

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.2.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.1.2

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2.170

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:electricmodel:sheep fencing llc pfsensescope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.3.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.10

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.1.0

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.3.2

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.0.5

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c4000scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.21

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.27

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.212

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.2

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.23

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp1scope:eqversion:4.0.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.5

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.21-20

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for imagesscope:eqversion:7.1.1.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:76009.7

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.5.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smart analytics system for linuxscope:eqversion:10509.7

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp7scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.210

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.4

Trust: 0.3

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:cms r17scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2.177

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.41

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.2

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.21

Trust: 0.3

vendor:ibmmodel:security proventia network active bypassscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0

Trust: 0.3

vendor:ibmmodel:netcool/system service monitor fix packscope:eqversion:4.0.014

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.23

Trust: 0.3

vendor:electricmodel:sheep fencing llc pfsensescope:neversion:2.1.1

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp11scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.3.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.17

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.1.4

Trust: 0.3

vendor:ibmmodel:tivoli management frameworkscope:eqversion:4.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.6.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.4.2.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp4scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:systems director platform agentscope:eqversion:6.3.2

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7

Trust: 0.3

vendor:ibmmodel:tivoli netcool system service monitorsscope:eqversion:4.0.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.2

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2.178

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.13

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp12scope:eqversion:4.0.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:13.1

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2.145

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp2scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:57109.7

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity center fp3scope:eqversion:4.2.2

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.10

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.7.22

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.13

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.0.5

Trust: 0.3

vendor:ibmmodel:security proventia network active bypassscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:4.2.2.143

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.1.5

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.16

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.20

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.13

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.3

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp13scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:scale out network attached storagescope:eqversion:1.3.0.0

Trust: 0.3

vendor:avayamodel:cms r17 r3scope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.2.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:netcool/system service monitor fp1scope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.2.9

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp9scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.1

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.40

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.4

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.4.32

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.211

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.2.2

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse d5100scope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp6scope:eqversion:4.0.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.19

Trust: 0.3

vendor:ibmmodel:systems director platform agentscope:eqversion:6.3.4

Trust: 0.3

vendor:puppetlabsmodel:puppetscope:eqversion:2.6.14

Trust: 0.3

vendor:ibmmodel:tivoli storage productivity centerscope:eqversion:5.1.1.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8yscope: - version: -

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp5scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.6.1

Trust: 0.3

vendor:avayamodel:cms r16 r6scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.5

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.3

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.03

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:virtual i/o serverscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:8.0.0.6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp2scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.1

Trust: 0.3

vendor:avayamodel:one-x client enablement services sp2scope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:system management homepage 7.3.2.1scope:neversion: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.5

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for images system editionscope:eqversion:x7.1.1.0

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.3

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:13.04

Trust: 0.3

vendor:ibmmodel:smart analytics system for linuxscope:eqversion:20509.7

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.13

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.4

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.4.2.0

Trust: 0.3

sources: BID: 64618 // JVNDB: JVNDB-2013-005745 // CNNVD: CNNVD-201401-001 // NVD: CVE-2013-6450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6450
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6450
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-001
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-6450
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-005745 // CNNVD: CNNVD-201401-001 // NVD: CVE-2013-6450

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.8

sources: JVNDB: JVNDB-2013-005745 // NVD: CVE-2013-6450

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 124734 // CNNVD: CNNVD-201401-001

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201401-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005745

PATCH

title:CVE-2013-6450url:https://security-tracker.debian.org/tracker/CVE-2013-6450

Trust: 0.8

title:00001843url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 0.8

title:00001841url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 0.8

title:Fix DTLS retransmission from previous session.url:http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2014 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - January 2015url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - January 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2014url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 0.8

title:RHSA-2014:0015url:http://rhn.redhat.com/errata/RHSA-2014-0015.html

Trust: 0.8

title:Multiple vulnerabilities in OpenSSL (Solaris 11.2)url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl4

Trust: 0.8

title:Multiple vulnerabilities in OpenSSL (Solaris 11.1)url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl3

Trust: 0.8

title:January 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/january_2015_critical_patch_update

Trust: 0.8

title:openssl-1.0.1furl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47334

Trust: 0.6

sources: JVNDB: JVNDB-2013-005745 // CNNVD: CNNVD-201401-001

EXTERNAL IDS

db:NVDid:CVE-2013-6450

Trust: 3.4

db:BIDid:64618

Trust: 1.3

db:SECTRACKid:1029549

Trust: 1.0

db:SECTRACKid:1031594

Trust: 1.0

db:JVNDBid:JVNDB-2013-005745

Trust: 0.8

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:CNNVDid:CNNVD-201401-001

Trust: 0.6

db:PACKETSTORMid:126605

Trust: 0.1

db:PACKETSTORMid:124734

Trust: 0.1

db:PACKETSTORMid:126209

Trust: 0.1

db:PACKETSTORMid:129721

Trust: 0.1

db:PACKETSTORMid:124782

Trust: 0.1

db:PACKETSTORMid:124640

Trust: 0.1

db:PACKETSTORMid:124716

Trust: 0.1

sources: BID: 64618 // JVNDB: JVNDB-2013-005745 // PACKETSTORM: 126605 // PACKETSTORM: 124734 // PACKETSTORM: 126209 // PACKETSTORM: 129721 // PACKETSTORM: 124782 // PACKETSTORM: 124640 // PACKETSTORM: 124716 // CNNVD: CNNVD-201401-001 // NVD: CVE-2013-6450

REFERENCES

url:http://www.ubuntu.com/usn/usn-2079-1

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201412-39.xml

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0015.html

Trust: 1.1

url:http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b

Trust: 1.0

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html

Trust: 1.0

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html

Trust: 1.0

url:http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html

Trust: 1.0

url:http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html

Trust: 1.0

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.0

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 1.0

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 1.0

url:http://www.debian.org/security/2014/dsa-2833

Trust: 1.0

url:http://www.openssl.org/news/vulnerabilities.html

Trust: 1.0

url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Trust: 1.0

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.0

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/bid/64618

Trust: 1.0

url:http://www.securitytracker.com/id/1029549

Trust: 1.0

url:http://www.securitytracker.com/id/1031594

Trust: 1.0

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.0

url:https://puppet.com/security/cve/cve-2013-6450

Trust: 1.0

url:https://security-tracker.debian.org/tracker/cve-2013-6450

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6450

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6450

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-6450

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-6449

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-4353

Trust: 0.5

url:http://openssl.org/

Trust: 0.3

url:http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37

Trust: 0.2

url:http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-41199f68c1144acb84a5798bf0

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-2e19c856f0e84e20a14c63ecd0

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3510

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3507

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3506

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-5139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4353

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6449

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://marc.info/?l=openssl-announce&m=138747119822324&w=2

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-6450.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-6449.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-4353.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://access.redhat.com/site/articles/11258

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

sources: BID: 64618 // JVNDB: JVNDB-2013-005745 // PACKETSTORM: 126605 // PACKETSTORM: 124734 // PACKETSTORM: 126209 // PACKETSTORM: 129721 // PACKETSTORM: 124782 // PACKETSTORM: 124640 // PACKETSTORM: 124716 // CNNVD: CNNVD-201401-001 // NVD: CVE-2013-6450

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 64618

SOURCES

db:BIDid:64618
db:JVNDBid:JVNDB-2013-005745
db:PACKETSTORMid:126605
db:PACKETSTORMid:124734
db:PACKETSTORMid:126209
db:PACKETSTORMid:129721
db:PACKETSTORMid:124782
db:PACKETSTORMid:124640
db:PACKETSTORMid:124716
db:CNNVDid:CNNVD-201401-001
db:NVDid:CVE-2013-6450

LAST UPDATE DATE

2024-11-11T22:34:25.558000+00:00


SOURCES UPDATE DATE

db:BIDid:64618date:2015-05-12T19:46:00
db:JVNDBid:JVNDB-2013-005745date:2015-08-03T00:00:00
db:CNNVDid:CNNVD-201401-001date:2022-02-18T00:00:00
db:NVDid:CVE-2013-6450date:2023-11-07T02:17:12.327

SOURCES RELEASE DATE

db:BIDid:64618date:2013-12-20T00:00:00
db:JVNDBid:JVNDB-2013-005745date:2014-01-06T00:00:00
db:PACKETSTORMid:126605date:2014-05-13T18:24:00
db:PACKETSTORMid:124734date:2014-01-10T02:26:27
db:PACKETSTORMid:126209date:2014-04-17T22:05:06
db:PACKETSTORMid:129721date:2014-12-26T15:46:37
db:PACKETSTORMid:124782date:2014-01-14T22:22:00
db:PACKETSTORMid:124640date:2014-01-03T14:07:58
db:PACKETSTORMid:124716date:2014-01-09T01:36:19
db:CNNVDid:CNNVD-201401-001date:2014-01-02T00:00:00
db:NVDid:CVE-2013-6450date:2014-01-01T16:05:15.017