Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 30 Jun 2015 09:04:22 +1000
From: David Jorm <david.jorm@...il.com>
To: oss-security@...ts.openwall.com, 
	opendaylight-announce@...ts.opendaylight.org, 
	security-announce@...ts.opendaylight.org
Subject: OpenDaylight security advisory: CVE-2015-3414 CVE-2015-3416 SQLite
 memory corruption, CVE-2015-4000 LOGJAM TLS MITM

Hi All

OpenDaylight Lithium GA has now been released, including patches for
several security vulnerabilities:

[Moderate] CVE-2015-3414 CVE-2015-3416 AAA: SQLite memory corruption
leading to DoS and possible code execution

[Moderate] CVE-2015-4000 OpenDaylight: TLS connections which support export
grade DHE key-exchange are vulnerable to MITM attacks (LOGJAM)

Full details, including links to patched builds, are available on the
OpenDaylight security advisories page:

https://wiki.opendaylight.org/view/Security_Advisories
Thanks
David Jorm on behalf of the OpenDaylight security response team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ