version 1.409, 2014/04/09 20:36:50 |
version 1.410, 2014/04/12 17:39:57 |
|
|
failure to check the server hostname when connecting to an https |
failure to check the server hostname when connecting to an https |
website, allowing any trusted CA-signed certificate to impersonate |
website, allowing any trusted CA-signed certificate to impersonate |
any other website.</a> |
any other website.</a> |
|
<li><a href="errata55.html#004_openssl">April 12, 2014: |
|
A use-after-free race condition in OpenSSL's read buffer may permit |
|
an attacker to inject data from one connection into another.</a> |
</ul> |
</ul> |
|
|
<li><a name="54"></a> |
<li><a name="54"></a> |
|
|
<li><a href="errata54.html#007_openssl">April 7, 2014: |
<li><a href="errata54.html#007_openssl">April 7, 2014: |
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS |
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS |
heartbeat extension (RFC6520) which can result in a leak of memory contents.</a> |
heartbeat extension (RFC6520) which can result in a leak of memory contents.</a> |
|
<li><a href="errata54.html#008_openssl">April 12, 2014: |
|
A use-after-free race condition in OpenSSL's read buffer may permit |
|
an attacker to inject data from one connection into another.</a> |
</ul> |
</ul> |
|
|
<li><a name="53"></a> |
<li><a name="53"></a> |
|
|
<li><a href="errata53.html#014_openssl">April 7, 2014: |
<li><a href="errata53.html#014_openssl">April 7, 2014: |
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS |
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS |
heartbeat extension (RFC6520) which can result in a leak of memory contents.</a> |
heartbeat extension (RFC6520) which can result in a leak of memory contents.</a> |
|
<li><a href="errata54.html#015_openssl">April 12, 2014: |
|
A use-after-free race condition in OpenSSL's read buffer may permit |
|
an attacker to inject data from one connection into another.</a> |
</ul> |
</ul> |
|
|
<br><p><b> |
<br><p><b> |