-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Product Advisory ID: cisco-sa-20150310-ssl Revision: 1.0 For Public Release 2015 March 10 16:00 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVP8MJIpI1I6i1Mx3AQLxhA/8DUVbGTvot9vBiI1FpTIp/ZfvAJYKxwAM taBIzm8sUUA2EP6gewoWmqqrZnzjR4uxXFL1tEHSX08Grw27Rd+Kq8o1LCdmcrRK le79SejHXVeHrCplGyy6AlnWMizzmFnhHS4QxRKfsuMftTRVCYpvnOR8qYWBUmP4 HuQfc5vYSEcyOFP9Hp6VNOLQqdjxLmXfKmb5L3PiSoZsIFVsrcIcB4OrxiGxvNw/ YCbyb2ty1IrE4y9nLfWacUFQCjHywrl3bQUoNxGPVL1X+piDUUX0Tylar0gIqRS7 pLU+RFxwUMIxlFv37kmoYYg4wjU4Wpsz5gNRwlx0zaldSoerBkY2nUf7EgsFPive n6PT/8d/e06GTvuD2JQpNNF0NdpRF4y1DERrIpGZ/RDGJco1xHvL/Kbl2xpux5ZP leteRH4NZXokbjVg8bf2pmN30w7HpD/Qm0X0uLCVSlvWF29g4UsHrdUSl4tgX/V1 d2fCwxEol78BhiCIteKd6y+7vwxNSE6RdYOECwd9jrZGooj3cTP7+MzhquJwuEIf eskizp4SUyBibCZ+lvHo42WbFH6DEtWkyx6nGzGFP4iCE5BwOIIHwc2rVcWC3VBx d00FYN/lZPnpLIaV7mo9dSGfVtK9nZlMcsI44WdeAT5fn3A0yqM8IvqgkYy0Cn1h VYd/dz2A7Qg= =k6Eo -----END PGP SIGNATURE-----