CVE-2015-0209

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8zf OpenSSL versions prior to 1.0.0r OpenSSL versions prior to 1.0.0r OpenSSL versions prior to 1.0.1m OpenSSL versions prior to 1.0.2a openssl-libs (affected versions not specified) openssl (affected versions not specified) openssl-static (affected versions not specified) openssl-perl (affected versions not specified) openssl-devel (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the OpenSSL package, which could allow remote attackers to cause a denial of service or corrupt portions of OpenSSL process memory. Exploitation of these vulnerabilities may lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.

Recommendations For OpenSSL versions prior to 0.9.8zf, update to version 0.9.8zf or later. For OpenSSL versions prior to 1.0.0r, update to version 1.0.0r or later. For OpenSSL versions prior to 1.0.1m, update to version 1.0.1m or later. For OpenSSL versions prior to 1.0.2a, update to version 1.0.2a or later. For openssl-libs, openssl, openssl-static, openssl-perl, and openssl-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.