A vulnerability in the processing of DTLS handshake messages was found that results in large amounts of memory being used. Once the Denial Of Service attack has ceased, the memory will be freed.
External References: https://www.openssl.org/news/secadv_20140806.txt
Upstream commit: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1250f12613b61758675848f6600ebd914ccd7636
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1127704]
Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1127705]
Created mingw-openssl tracking bugs for this issue: Affects: epel-7 [bug 1127709]
Created mingw32-openssl tracking bugs for this issue: Affects: epel-5 [bug 1127885]
openssl-1.0.1e-39.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
openssl-1.0.1e-39.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1053 https://rhn.redhat.com/errata/RHSA-2014-1053.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:1052 https://rhn.redhat.com/errata/RHSA-2014-1052.html
This issue has been addressed in following products: Red Hat Storage 2.1 Via RHSA-2014:1054 https://rhn.redhat.com/errata/RHSA-2014-1054.html
This issue has been addressed in the following products: JBoss Web Server 2.1.0 Via RHSA-2014:1256 https://rhn.redhat.com/errata/RHSA-2014-1256.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.3.0 Via RHSA-2014:1297 https://rhn.redhat.com/errata/RHSA-2014-1297.html