| Errata ID | 272 |
|---|---|
| Date | 2015-01-13 |
| Source package | openssl |
| Fixed in version | 0.9.8o-4.86.201501120758 |
| Description | Multiple security vulnerabilities have been found in OpenSSL: * Denial of service in DTLS (2014-3571) * ECDHE can be downgraded to ECDH, resulting in a loss of forward secrecy (CVE-2014-3572) * Weaker RSA keys can be negotiated by the SSL/TLS server (CVE-2015-0204) * Certificate fingerprints can be modified (CVE-2014-8275) * Bignum squaring may produce incorrect results (CVE-2014-3570) |
| Additional notes | |
| CVE ID | CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 |
| UCS Bug number | #37493 |
