Fél tucat új OpenSSL biztonsági hiba bejelentés

SSL/TLS MITM vulnerability (CVE-2014-0224) - "carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack"
DTLS recursion flaw (CVE-2014-0221) - "By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack."
DTLS invalid fragment vulnerability (CVE-2014-0195) - "A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server."
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198) - "A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference."
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) - "A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service."
Anonymous ECDH denial of service (CVE-2014-3470) - "OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack."