Wind River Support Network

Fixed

LIN5-19247 : Security Advisory - openssl - CVE-2014-3511

Created: Aug 14, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 14, 2014
Previous ID: LIN4-31670
Found In Version: 5.0.1.18
Fix Version: 5.0.1.18
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records (original advisory). Reported by David Benjamin and Adam Langley (Google).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 
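
A detection-side sketch of the condition described above, added here as an example and not taken from the advisory or from OpenSSL: it reassembles a captured ClientHello, reports how it was fragmented, and flags a session whose negotiated version is lower than the one the client offered. The function names, the 6-byte first-fragment threshold, and the sample bytes are assumptions of this example; the advisory does not define "badly fragmented", and `negotiated` is the ServerHello version supplied by the caller.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1   # TLS record content type, handshake msg type
# msg_type(1) + length(3) + client_version(2): bytes a server must see before
# it can read the offered version. Threshold is this example's assumption.
MIN_FIRST_FRAGMENT = 6

def parse_records(stream):
    """Split raw TLS bytes into (content_type, payload) records."""
    out, off = [], 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                          # truncated capture: stop cleanly
        out.append((ctype, stream[off + 5:off + 5 + length]))
        off += 5 + length
    return out

def inspect_client_hello(stream):
    """Reassemble the ClientHello; report fragment sizes and offered version."""
    sizes, body = [], b""
    for ctype, payload in parse_records(stream):
        if ctype != HANDSHAKE:
            break
        sizes.append(len(payload))
        body += payload
        if len(body) >= 4 and len(body) >= 4 + int.from_bytes(body[1:4], "big"):
            break                          # whole handshake message collected
    if len(body) < MIN_FIRST_FRAGMENT or body[0] != CLIENT_HELLO:
        return None
    return {"fragments": sizes, "offered": (body[4], body[5]),
            "short_first_fragment": sizes[0] < MIN_FIRST_FRAGMENT}

def downgrade_suspected(stream, negotiated):
    """True when a short first fragment coincides with a lower negotiated version."""
    info = inspect_client_hello(stream)
    return bool(info and info["short_first_fragment"] and negotiated < info["offered"])

def wrap(body, sizes):
    """Constructed test input: carry `body` in handshake records of given sizes."""
    out, off = b"", 0
    for n in sizes:
        chunk = body[off:off + n]
        out += struct.pack("!BHH", HANDSHAKE, 0x0301, len(chunk)) + chunk
        off += n
    return out

# Constructed ClientHello offering TLS 1.2 (3, 3); not taken from a real capture.
_hello = bytes([3, 3]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
SAMPLE_BODY = bytes([CLIENT_HELLO]) + len(_hello).to_bytes(3, "big") + _hello
```

Versions are compared as `(major, minor)` tuples, so TLS 1.0 is `(3, 1)` and TLS 1.2 is `(3, 3)`.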
