Release Notes › Advanced Password Services (APS) Release Notes › New and Changed Features for Advanced Password Services
New and Changed Features for Advanced Password Services
Upgrade of CAPKI
CA SiteMinder® is upgraded to use CAPKI 4.3.4 to fix the following OpenSSL vulnerabilities:
- CVE-2014-0224: An SSL/TLS MITM vulnerability exists in OpenSSL 0.9.8y and earlier. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
- CVE-2014-0221: DTLS recursion flaw exists in OpenSSL 0.9.8y and earlier. By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack.
- CVE-2014-3470: Anonymous ECDH denial of service flaw exists in OpenSSL 0.9.8y and earlier. OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
- CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack".
For more information about the vulnerabilities, see the OpenSSL documentation.
Copyright © 2014 CA.
All rights reserved.
|
|