Article ID: 100015247
Resolution
Veritas Backup Exec is not affected by these vulnerabilities.
Issue/Introduction
On 19 March 2015, the OpenSSL project issued a security advisory and released critical updates to patch several vulnerabilities.
The vulnerabilities are listed below; details are described in the OpenSSL Security Advisory.
- OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
- Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
- Multiblock corrupted pointer (CVE-2015-0290)
- Segmentation fault in DTLSv1_listen (CVE-2015-0207)
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
- Segmentation fault for invalid PSS parameters (CVE-2015-0208)
- ASN.1 structure reuse memory corruption (CVE-2015-0287)
- PKCS7 NULL pointer dereferences (CVE-2015-0289)
- Base64 decode (CVE-2015-0292)
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
- Empty CKE with client auth and DHE (CVE-2015-1787)
- Handshake with unseeded PRNG (CVE-2015-0285)
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)