Professional Documents
Culture Documents
03
Information about OpenSSL Security Fixes
Summary
Seven vulnerabilities have been reported in the popular OpenSSL cryptographic software library and security
fixes were released by the OpenSSL project in June 5th 2014.
Alcatel-Lucent Enterprise voice products using affected version of OpenSSL 0.9.8, 1.0.0 and 1.0.1 are
concerned by this security alert.
Please, note that no public exploit has been disclosed.
References
OpenSSL Security Advisory
http://www.openssl.org/news/secadv_20140605.txt
Advisory severity
CVSS Base score : 6.8 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE number:
CVE-2014-0076
CVSS Base score : 6.8 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2014-0195
CVSS Base score : 6.8 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2014-0198
CVSS Base score : 4.3 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2014-0221
CVSS Base score : 4.3 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2014-0224
CVSS Base score : 6.8 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2014-3470
CVSS Base score : 4.3 - AV:N/AC:M/Au:N/C:C/I:N/A:N
CVE-2010-5298
CVSS Base score : 4.0 - AV:N/AC:M/Au:N/C:C/I:N/A:N
Alcatel-Lucent Enterprise voice products using affected version of OpenSSL 0.9.8, 1.0.0 and 1.0.1 are
concerned by this security alert.
Please, note that no public exploit has been disclosed.
History
Ed.01 (2014 June 11th) : Vulnerability Information Creation
Ed.02 (2014 July 21st) : Release updates
Ed.03 (2014 September 29th) : Release updates