A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling. This may allow an attacker to decrypt traffic such as a credit card transaction or perform various other attacks.
If you are running OpenSSL versions 1.0.1 through 1.0.1f, we recommend that you update as soon as possible to OpenSSL version 1.0.1g or later; or, if your platform has provided a patch, that you apply it accordingly.
Red Hat, Inc.
Mandriva S. A.
Slackware Linux Inc.
Check Point Software Technologies
US-Cert Vulnerability Note VU#720951
Vulnerability Summary for CVE-2014-0160
Additional information about this vulnerability can be viewed at:
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.