oss-sec mailing list archives

OpenDaylight security advisory: CVE-2015-3414 CVE-2015-3416 SQLite memory corruption, CVE-2015-4000 LOGJAM TLS MITM

From: David Jorm <david.jorm () gmail com>
Date: Tue, 30 Jun 2015 09:04:22 +1000

Hi All

OpenDaylight Lithium GA has now been released, including patches for
several security vulnerabilities:

[Moderate] CVE-2015-3414 CVE-2015-3416 AAA: SQLite memory corruption
leading to DoS and possible code execution

[Moderate] CVE-2015-4000 OpenDaylight: TLS connections which support export
grade DHE key-exchange are vulnerable to MITM attacks (LOGJAM)

Full details, including links to patched builds, are available on the
OpenDaylight security advisories page:

https://wiki.opendaylight.org/view/Security_Advisories
Thanks
David Jorm on behalf of the OpenDaylight security response team

Current thread:

OpenDaylight security advisory: CVE-2015-3414 CVE-2015-3416 SQLite memory corruption, CVE-2015-4000 LOGJAM TLS MITM David Jorm (Jun 29)