A New Round Of OpenSSL Vulnerabilities Discovered

Written by Michael Larabel in Free Software on 5 June 2014 at 10:46 AM EDT. 18 Comments
FREE SOFTWARE
Further fallout from the Heartbleed bug has occurred with another set of security vulnerabilities now being disclosed for OpenSSL.

Six new CVEs were made public today for OpenSSL. These potential exploits could allow for man-in-the-middle attacks, code execution, and denial of service attack. The new reports are:
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- DTLS invalid fragment vulnerability (CVE-2014-0195)
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
- SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
- Anonymous ECDH denial of service (CVE-2014-3470)
More information on these latest OpenSSL security woes can be found via the posting at OpenSSL.org.
18 Comments
Related News
Valkey Celebrates Its First Stable Release As Open-Source Redis Fork
Servo Driving Modularity To Support Different JavaScript Engines
Vim Lands XDG Base Directory Specification Support
OpenJPH 0.11 Works Toward Low-Latency High-Throughput JPEG-2000 (HTJ2K)
Dbus-Broker 36 Released For This Fastest D-Bus Implementation
Sound Open Firmware 2.9 Released With Major Performance Optimizations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
KDE's KWin Merges Wayland Explicit Sync Support
Gentoo Linux Now An SPI Project