製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSSL の s3_pkt.c の ssl3_read_bytes 関数におけるセッション間でデータを挿入される脆弱性

Title	OpenSSL の s3_pkt.c の ssl3_read_bytes 関数におけるセッション間でデータを挿入される脆弱性
Summary	OpenSSL の s3_pkt.c の ssl3_read_bytes 関数には、SSL_MODE_RELEASE_BUFFERS が有効な場合、競合状態により、セッション間でデータを挿入される、またはサービス運用妨害 (Use-after-free および構文解析エラー) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、マルチスレッド環境での SSL 接続を介して、セッション間でデータを挿入される、またはサービス運用妨害 (Use-after-free および構文解析エラー) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 8, 2010, midnight
Registration Date	April 16, 2014, 3:37 p.m.
Last Update	Dec. 17, 2015, 5:37 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:H/Au:N/C:N/I:P/A:P

Affected System

オラクル

Oracle Virtualization の Oracle Secure Global Desktop 4.63

Oracle Virtualization の Oracle Secure Global Desktop 4.71

Oracle Virtualization の Oracle Secure Global Desktop 5.0

Oracle Virtualization の Oracle Secure Global Desktop 5.1

Oracle VM VirtualBox 3.2.24 未満

Oracle VM VirtualBox 4.0.26 未満

Oracle VM VirtualBox 4.1.34 未満

Oracle VM VirtualBox 4.2.26 未満

Oracle VM VirtualBox 4.3.14 未満

IBM

IBM API Management 3.0 (IBM PureApplication System および XEN)

IBM API Management 3.0 (VMWare)

IBM InfoSphere Master Data Management Patient Hub 10.0

IBM InfoSphere Master Data Management Provider Hub 10.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.3

IBM Initiate Master Data Service 10.0

IBM Initiate Master Data Service 10.1

IBM Initiate Master Data Service 8.5

IBM Initiate Master Data Service 9.0

IBM Initiate Master Data Service 9.2

IBM Initiate Master Data Service 9.5

IBM Initiate Master Data Service 9.7

IBM Initiate Master Data Service Patient Hub 9.5

IBM Initiate Master Data Service Patient Hub 9.7

IBM Initiate Master Data Service Provider Hub 9.5

IBM Initiate Master Data Service Provider Hub 9.7

IBM SDK, for Node.js 1.1.0.3 およびそれ以前

IBM Security Access Manager for Mobile アプライアンス 8.0

IBM Security Access Manager for Web アプライアンス 7.0

IBM Security Access Manager for Web アプライアンス 8.0

IBM SmartCloud Orchestrator 2.3

IBM SmartCloud Orchestrator 2.3 FP1

IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance

IBM SmartCloud Provisioning 2.3

IBM SmartCloud Provisioning 2.3 FP1

IBM Tivoli Management Framework 4.1.1 (linux-ix86 および linux-s390)

OpenSSL Project

OpenSSL 1.0.1g まで

日立

L20/300

LTO6ドライブ

Lx/30A

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-5298	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
National Vulnerability Database (NVD)
2	CVE-2010-5298	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
SECURITY BLOG
3	CVE-2010-5298 Race Conditions vulnerability in OpenSSL	https://blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html

ベンダー情報

No	Name	URL
BlackBerry Knowledge Base
1	KB36051	http://www.blackberry.com/btsc/KB36051
Cisco Security Advisory
2	cisco-sa-20140605-openssl	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
FreeBSD
3	Contents of /head/security/openssl/files/patch-ssl-s3_pkt.c	http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
Hitachi Incdent Response Team
4	HIRT-PUB14010	http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html
IBM Support Document
5	1673137	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
6	1676035	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
7	1676062	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
8	1676419	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
9	1676655	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
10	1677695	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
11	1677828	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
12	1678167	http://www-01.ibm.com/support/docview.wss?uid=swg21678167
Knowledge Base
13	2079783	http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2079783
McAfee Security Bulletin
14	SB10075	https://kc.mcafee.com/corporate/index?page=content&id=SB10075
OpenBSD
15	004_openssl.patch.sig	http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
OpenSSL
16	#2167: openssl-1.0.0-beta5 - fails if used from multiple threads and with	https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
OpenSSL Security Advisory
17	SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)	http://www.openssl.org/news/secadv_20140605.txt
Oracle Critical Patch Update
18	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
19	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
20	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
21	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
Security Advisories
22	SA80	https://kb.bluecoat.com/index?page=content&id=SA80
Security Advisory
23	Huawei-SA-20140613-OpenSSL	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
SECURITY BLOG
24	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
VMware Security Advisories
25	VMSA-2014-0006	http://www.vmware.com/security/advisories/VMSA-2014-0006.html
サーバ・クライアント製品セキュリティ情報
26	OpenSSLの脆弱性(CVE-2014-0224他)によるテープライブラリ装置への影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html
シスコセキュリティアドバイザリ
27	cisco-sa-20140605-openssl	http://www.cisco.com/cisco/web/support/JP/112/1122/1122700_cisco-sa-20140605-openssl-j.html

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-14-198-03	https://ics-cert.us-cert.gov/advisories/ICSA-14-198-03
関連文書
2	Use-after-free race condition,in OpenSSL's read buffer	http://openwall.com/lists/oss-security/2014/04/13/1

Change Log

No	Changed Details	Date of change
0	[2014年04月16日] 掲載 [2014年06月24日] 影響を受けるシステム：内容を更新ベンダ情報：日立 (HIRT-PUB14010) を追加 [2014年06月26日] ベンダ情報：オラクル (CVE-2010-5298 Race Conditions vulnerability in OpenSSL) を追加 [2014年06月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：シスコシステムズ (cisco-sa-20140605-openssl) を追加ベンダ情報：ブルーコートシステムズ (SA80) を追加 [2014年07月01日] ベンダ情報：VMware (2079783) を追加ベンダ情報：VMware (VMSA-2014-0006) を追加 [2014年07月22日] 参考情報：ICS-CERT ADVISORY (ICSA-14-198-03) を追加 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：BlackBerry (KB36051) を追加ベンダ情報：Huawei (Huawei-SA-20140613-OpenSSL) を追加ベンダ情報：IBM (1673137) を追加ベンダ情報：IBM (1676035) を追加ベンダ情報：IBM (1676062) を追加ベンダ情報：IBM (1676419) を追加ベンダ情報：IBM (1676655) を追加ベンダ情報：IBM (1677695) を追加ベンダ情報：IBM (1677828) を追加ベンダ情報：IBM (1678167) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加ベンダ情報：マカフィー (SB10075) を追加 [2015年01月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加 [2015年12月17日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (OpenSSLの脆弱性(CVE-2014-0224他)によるテープライブラリ装置への影響について)による影響について) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-5298

Summary	Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Publication Date	April 15, 2014, 7:38 a.m.
Registration Date	Jan. 29, 2021, 11:11 a.m.
Last Update	Nov. 21, 2024, 10:22 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::			1.0.1g

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb::::::::		10.0.0			10.0.13

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:20:::::::*
cpe:2.3:o:fedoraproject:fedora:19:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-::::::

Related information, measures and tools

No	URL	タグ
1	http://advisories.mageia.org/MGASA-2014-0187.html	Third Party Advisory
2	http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig	Patch Third Party Advisory
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Third Party Advisory
4	http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	Permissions Required
5	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	Mailing List Third Party Advisory
6	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	Mailing List Third Party Advisory
8	http://marc.info/?l=bugtraq&m=140389274407904&w=2	Mailing List Third Party Advisory
9	http://marc.info/?l=bugtraq&m=140389355508263&w=2	Mailing List Third Party Advisory
10	http://marc.info/?l=bugtraq&m=140431828824371&w=2	Mailing List Third Party Advisory
11	http://marc.info/?l=bugtraq&m=140448122410568&w=2	Mailing List Third Party Advisory
12	http://marc.info/?l=bugtraq&m=140544599631400&w=2	Mailing List Third Party Advisory
13	http://marc.info/?l=bugtraq&m=140621259019789&w=2	Mailing List Third Party Advisory
14	http://marc.info/?l=bugtraq&m=140752315422991&w=2	Mailing List Third Party Advisory
15	http://marc.info/?l=bugtraq&m=140904544427729&w=2	Mailing List Third Party Advisory
16	http://marc.info/?l=bugtraq&m=141658880509699&w=2	Mailing List Third Party Advisory
17	http://openwall.com/lists/oss-security/2014/04/13/1	Mailing List Patch
18	http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List Third Party Advisory
19	http://secunia.com/advisories/58337	Not Applicable
20	http://secunia.com/advisories/58713	Not Applicable
21	http://secunia.com/advisories/58939	Not Applicable
22	http://secunia.com/advisories/58977	Not Applicable
23	http://secunia.com/advisories/59162	Not Applicable
24	http://secunia.com/advisories/59287	Not Applicable
25	http://secunia.com/advisories/59300	Not Applicable
26	http://secunia.com/advisories/59301	Not Applicable
27	http://secunia.com/advisories/59342	Not Applicable
28	http://secunia.com/advisories/59413	Not Applicable
29	http://secunia.com/advisories/59437	Not Applicable
30	http://secunia.com/advisories/59438	Not Applicable
31	http://secunia.com/advisories/59440	Not Applicable
32	http://secunia.com/advisories/59450	Not Applicable
33	http://secunia.com/advisories/59490	Not Applicable
34	http://secunia.com/advisories/59655	Not Applicable
35	http://secunia.com/advisories/59666	Not Applicable
36	http://secunia.com/advisories/59669	Not Applicable
37	http://secunia.com/advisories/59721	Not Applicable
38	http://security.gentoo.org/glsa/glsa-201407-05.xml	Third Party Advisory
39	http://support.citrix.com/article/CTX140876	Third Party Advisory
40	http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup	Broken Link
41	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl	Third Party Advisory
42	http://www.blackberry.com/btsc/KB36051	Broken Link
43	http://www.fortiguard.com/advisory/FG-IR-14-018/	Third Party Advisory
44	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
45	http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
46	http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
47	http://www.mandriva.com/security/advisories?name=MDVSA-2014:090	Broken Link
48	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	Broken Link
49	http://www.openbsd.org/errata55.html#004_openssl	Third Party Advisory
50	http://www.openssl.org/news/secadv_20140605.txt	Third Party Advisory
51	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
52	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
53	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
54	http://www.securityfocus.com/archive/1/534161/100/0/threaded	Third Party Advisory VDB Entry
55	http://www.securityfocus.com/bid/66801	Third Party Advisory VDB Entry
56	http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse	Third Party Advisory
57	http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
58	http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
59	http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Broken Link
60	http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Broken Link
61	http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
62	http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
63	http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
64	http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
65	http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Broken Link
66	http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Broken Link
67	http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Broken Link
68	http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
69	http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
70	http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
71	http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
72	http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
73	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Broken Link
74	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Broken Link
75	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Broken Link
76	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Broken Link
77	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
78	https://kb.bluecoat.com/index?page=content&id=SA80	Broken Link
79	https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Broken Link
80	https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest	Broken Link
81	https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest	Broken Link
82	https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory
83	http://advisories.mageia.org/MGASA-2014-0187.html	Third Party Advisory
84	https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory
85	https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest	Broken Link
86	https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest	Broken Link
87	https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Broken Link
88	https://kb.bluecoat.com/index?page=content&id=SA80	Broken Link
89	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
90	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Broken Link
91	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Broken Link
92	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Broken Link
93	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Broken Link
94	http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
95	http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
96	http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
97	http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
98	http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
99	http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Broken Link
100	http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Broken Link
101	http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Broken Link
102	http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
103	http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
104	http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
105	http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
106	http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Broken Link
107	http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Broken Link
108	http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
109	http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
110	http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse	Third Party Advisory
111	http://www.securityfocus.com/bid/66801	Third Party Advisory VDB Entry
112	http://www.securityfocus.com/archive/1/534161/100/0/threaded	Third Party Advisory VDB Entry
113	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
114	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
115	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
116	http://www.openssl.org/news/secadv_20140605.txt	Third Party Advisory
117	http://www.openbsd.org/errata55.html#004_openssl	Third Party Advisory
118	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	Broken Link
119	http://www.mandriva.com/security/advisories?name=MDVSA-2014:090	Broken Link
120	http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
121	http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
122	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
123	http://www.fortiguard.com/advisory/FG-IR-14-018/	Third Party Advisory
124	http://www.blackberry.com/btsc/KB36051	Broken Link
125	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl	Third Party Advisory
126	http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup	Broken Link
127	http://support.citrix.com/article/CTX140876	Third Party Advisory
128	http://security.gentoo.org/glsa/glsa-201407-05.xml	Third Party Advisory
129	http://secunia.com/advisories/59721	Not Applicable
130	http://secunia.com/advisories/59669	Not Applicable
131	http://secunia.com/advisories/59666	Not Applicable
132	http://secunia.com/advisories/59655	Not Applicable
133	http://secunia.com/advisories/59490	Not Applicable
134	http://secunia.com/advisories/59450	Not Applicable
135	http://secunia.com/advisories/59440	Not Applicable
136	http://secunia.com/advisories/59438	Not Applicable
137	http://secunia.com/advisories/59437	Not Applicable
138	http://secunia.com/advisories/59413	Not Applicable
139	http://secunia.com/advisories/59342	Not Applicable
140	http://secunia.com/advisories/59301	Not Applicable
141	http://secunia.com/advisories/59300	Not Applicable
142	http://secunia.com/advisories/59287	Not Applicable
143	http://secunia.com/advisories/59162	Not Applicable
144	http://secunia.com/advisories/58977	Not Applicable
145	http://secunia.com/advisories/58939	Not Applicable
146	http://secunia.com/advisories/58713	Not Applicable
147	http://secunia.com/advisories/58337	Not Applicable
148	http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List Third Party Advisory
149	http://openwall.com/lists/oss-security/2014/04/13/1	Mailing List Patch
150	http://marc.info/?l=bugtraq&m=141658880509699&w=2	Mailing List Third Party Advisory
151	http://marc.info/?l=bugtraq&m=140904544427729&w=2	Mailing List Third Party Advisory
152	http://marc.info/?l=bugtraq&m=140752315422991&w=2	Mailing List Third Party Advisory
153	http://marc.info/?l=bugtraq&m=140621259019789&w=2	Mailing List Third Party Advisory
154	http://marc.info/?l=bugtraq&m=140544599631400&w=2	Mailing List Third Party Advisory
155	http://marc.info/?l=bugtraq&m=140448122410568&w=2	Mailing List Third Party Advisory
156	http://marc.info/?l=bugtraq&m=140431828824371&w=2	Mailing List Third Party Advisory
157	http://marc.info/?l=bugtraq&m=140389355508263&w=2	Mailing List Third Party Advisory
158	http://marc.info/?l=bugtraq&m=140389274407904&w=2	Mailing List Third Party Advisory
159	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	Mailing List Third Party Advisory
160	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	Mailing List Third Party Advisory
161	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	Mailing List Third Party Advisory
162	http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	Permissions Required
163	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Third Party Advisory
164	http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig	Patch Third Party Advisory

Common Vulnerabilities List