PublicDateAtUSN: 2014-04-07
Candidate: CVE-2014-0160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://www.openssl.org/news/secadv_20140407.txt
https://usn.ubuntu.com/usn/usn-2165-1
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do
not properly handle Heartbeat Extension packets, which allows remote
attackers to obtain sensitive information from process memory via crafted
packets that trigger a buffer over-read, as demonstrated by reading private
keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Discovered-by: Neel Mehta
upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 (1.0.1)
upstream_openssl: released (1.0.1g)
lucid_openssl: not-affected (code not present)
precise_openssl: released (1.0.1-4ubuntu5.12)
quantal_openssl: released (1.0.1c-3ubuntu2.7)
saucy_openssl: released (1.0.1e-3ubuntu1.2)
devel_openssl: released (1.0.1f-1ubuntu2)
upstream_openssl098: not-affected
precise_openssl098: not-affected
quantal_openssl098: not-affected
saucy_openssl098: not-affected
devel_openssl098: not-affected