ID RHSA-2010:0888 Type redhat Reporter RedHat Modified 2018-06-06T20:24:33
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL applications.
Under certain specific conditions, it may be possible for a remote attacker
to trigger this race condition and cause such an application to crash, or
possibly execute arbitrary code with the permissions of the application.
(CVE-2010-3864)
Note that this issue does not affect the Apache HTTP Server. Refer to Red
Hat Bugzilla bug 649304 for more technical details on how to determine if
your application is affected.
Red Hat would like to thank Rob Hulswit for reporting this issue.
All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.
{"id": "RHSA-2010:0888", "hash": "986e64fb917110b59eb3385283813f93", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0888) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server extension\nparsing code, which could affect some multithreaded OpenSSL applications.\nUnder certain specific conditions, it may be possible for a remote attacker\nto trigger this race condition and cause such an application to crash, or\npossibly execute arbitrary code with the permissions of the application.\n(CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to Red\nHat Bugzilla bug 649304 for more technical details on how to determine if\nyour application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. For the update to take effect, all\nservices linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "published": "2010-11-16T05:00:00", "modified": "2018-06-06T20:24:33", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0888", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-3864"], "lastseen": "2018-12-11T19:43:10", "history": [{"bulletin": {"id": "RHSA-2010:0888", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0888) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server extension\nparsing code, which could affect some multithreaded OpenSSL applications.\nUnder certain specific conditions, it may be possible for a remote attacker\nto trigger this race condition and cause such an application to crash, or\npossibly execute arbitrary code with the permissions of the application.\n(CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to Red\nHat Bugzilla bug 649304 for more technical details on how to determine if\nyour application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. For the update to take effect, all\nservices linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "published": "2010-11-16T05:00:00", "modified": "2017-03-03T17:44:11", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0888", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-3864"], "lastseen": "2017-03-07T05:19:00", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.6, "modified": "2017-03-07T05:19:00"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "x86_64", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "packageName": "openssl-static", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "packageName": "openssl-perl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "openssl-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "src", "packageFilename": "openssl-1.0.0-4.el6_0.1.src.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "packageName": "openssl-static", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "packageName": "openssl-static", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "packageName": "openssl-perl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "packageName": "openssl-perl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "packageName": "openssl-static", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "packageName": "openssl-devel", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "packageName": "openssl-perl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "packageName": "openssl-debuginfo", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "openssl-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "packageName": "openssl", "OS": "RedHat", "packageVersion": "1.0.0-4.el6_0.1", "operator": "lt"}]}, "lastseen": "2017-03-07T05:19:00", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2010:0888", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0888) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server extension\nparsing code, which could affect some multithreaded OpenSSL applications.\nUnder certain specific conditions, it may be possible for a remote attacker\nto trigger this race condition and cause such an application to crash, or\npossibly execute arbitrary code with the permissions of the application.\n(CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to Red\nHat Bugzilla bug 649304 for more technical details on how to determine if\nyour application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. For the update to take effect, all\nservices linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "published": "2010-11-16T05:00:00", "modified": "2017-11-27T17:18:35", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0888", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-3864"], "lastseen": "2017-12-25T20:06:00", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "i686", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "src", "packageFilename": "openssl-1.0.0-4.el6_0.1.src.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "openssl-1.0.0-4.el6_0.1.i686.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "openssl-1.0.0-4.el6_0.1.x86_64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc64.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390x.rpm", "OSVersion": "6", "operator": "lt", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "OS": "RedHat"}]}, "lastseen": "2017-12-25T20:06:00", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2010:0888", "hash": "46de04cc679899635ecd7a01a92cfb0c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0888) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server extension\nparsing code, which could affect some multithreaded OpenSSL applications.\nUnder certain specific conditions, it may be possible for a remote attacker\nto trigger this race condition and cause such an application to crash, or\npossibly execute arbitrary code with the permissions of the application.\n(CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to Red\nHat Bugzilla bug 649304 for more technical details on how to determine if\nyour application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. For the update to take effect, all\nservices linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "published": "2010-11-16T05:00:00", "modified": "2018-06-06T20:24:33", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0888", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-3864"], "lastseen": "2018-06-06T18:04:35", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "openssl-perl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-perl-1.0.0-4.el6_0.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "openssl-static", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-static-1.0.0-4.el6_0.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "openssl", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-1.0.0-4.el6_0.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "openssl-devel", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-devel-1.0.0-4.el6_0.1.s390x.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T18:04:35", "differentElements": ["affectedPackage"], "edition": 3}], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3864"]}, {"type": "f5", "idList": ["F5:K12566", "SOL12566"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2010-3864"]}, {"type": "openvas", "idList": ["OPENVAS:831251", "OPENVAS:1361412562310840540", "OPENVAS:862631", "OPENVAS:68703", "OPENVAS:1361412562310862631", "OPENVAS:136141256231068703", "OPENVAS:1361412562310831251", "OPENVAS:840540", "OPENVAS:862721", "OPENVAS:136141256231068704"]}, {"type": "nessus", "idList": ["SUSE_11_LIBOPENSSL-DEVEL-101111.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-101111.NASL", "FREEBSD_PKG_3042C33AF23711DF9D020018FE623F2B.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-101119.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-101119.NASL", "OPENSSL_0_9_8P_1_0_0B.NASL", "REDHAT-RHSA-2010-0888.NASL", "SL_20101116_OPENSSL_ON_SL6_X.NASL", "DEBIAN_DSA-2125.NASL", "FEDORA_2010-17847.NASL"]}, {"type": "freebsd", "idList": ["3042C33A-F237-11DF-9D02-0018FE623F2B"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11264", "SECURITYVULNS:DOC:26212", "SECURITYVULNS:VULN:11624", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:VULN:11754"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2125-1:26495"]}, {"type": "ubuntu", "idList": ["USN-1018-1"]}, {"type": "slackware", "idList": ["SSA-2010-326-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0979", "ELSA-2011-0677", "ELSA-2015-3022"]}, {"type": "cert", "idList": ["VU:737740"]}, {"type": "gentoo", "idList": ["GLSA-201110-01"]}], "modified": "2018-12-11T19:43:10"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "openssl-debuginfo", "packageVersion": "1.0.0-4.el6_0.1", "packageFilename": "openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}
{"cve": [{"lastseen": "2018-10-11T11:34:17", "bulletinFamily": "NVD", "description": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.", "modified": "2018-10-10T16:05:35", "published": "2010-11-17T11:00:01", "id": "CVE-2010-3864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864", "title": "CVE-2010-3864", "type": "cve", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T08:16:20", "bulletinFamily": "software", "description": "", "modified": "2017-03-14T22:07:00", "published": "2011-01-28T00:19:00", "href": "https://support.f5.com/csp/article/K12566", "id": "F5:K12566", "type": "f5", "title": "OpenSSL vulnerability CVE-2010-3864", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "description": "For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864>\n", "modified": "2016-07-25T00:00:00", "published": "2011-01-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/12000/500/sol12566.html", "id": "SOL12566", "title": "SOL12566 - OpenSSL vulnerability CVE-2010-3864", "type": "f5", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:35", "bulletinFamily": "software", "description": "A flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are NOT affected. Reported by Rob Hulswit.", "modified": "2010-11-16T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENSSL:CVE-2010-3864", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2010-3864)", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-18T10:58:18", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-12-18T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831251", "id": "OPENVAS:831251", "title": "Mandriva Update for openssl MDVSA-2010:238 (openssl)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2010:238 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered in openssl that causes a race condition\n within the TLS extension parsing code and which can be exploited to\n cause a heap-based buffer overflow (CVE-2010-3864).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"openssl on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00032.php\");\n script_id(831251);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:238\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Mandriva Update for openssl MDVSA-2010:238 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:21", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1018-1", "modified": "2017-12-22T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840540", "id": "OPENVAS:1361412562310840540", "title": "Ubuntu Update for openssl vulnerability USN-1018-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1018_1.nasl 8228 2017-12-22 07:29:52Z teissa $\n#\n# Ubuntu Update for openssl vulnerability USN-1018-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Rob Hulswit discovered a race condition in the OpenSSL TLS server\n extension parsing code when used within a threaded server. A remote\n attacker could trigger this flaw to cause a denial of service\n or possibly execute arbitrary code with application privileges.\n (CVE-2010-3864)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1018-1\";\ntag_affected = \"openssl vulnerability on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1018-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840540\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1018-1\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Ubuntu Update for openssl vulnerability USN-1018-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-udeb\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:44", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-12-18T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862631", "id": "OPENVAS:862631", "title": "Fedora Update for openssl FEDORA-2010-17827", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17827\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 14\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html\");\n script_id(862631);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17827\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17827\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=68703", "id": "OPENVAS:68703", "title": "FreeBSD Ports: openssl", "type": "openvas", "sourceData": "#\n#VID 3042c33a-f237-11df-9d02-0018fe623f2b\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3042c33a-f237-11df-9d02-0018fe623f2b\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2010-3864\nMultiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through\n0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching\nare enabled on a TLS server, might allow remote attackers to execute\narbitrary code via client data that triggers a heap-based buffer\noverflow, related to (1) the TLS server name extension and (2)\nelliptic curve cryptography.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://openssl.org/news/secadv_20101116.txt\nhttp://www.vuxml.org/freebsd/3042c33a-f237-11df-9d02-0018fe623f2b.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68703);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_2\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:53:28", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-01-08T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862631", "id": "OPENVAS:1361412562310862631", "title": "Fedora Update for openssl FEDORA-2010-17827", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17827\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 14\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862631\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17827\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17827\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-08T12:48:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068703", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068703", "title": "FreeBSD Ports: openssl", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_openssl3.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 3042c33a-f237-11df-9d02-0018fe623f2b\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68703\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"FreeBSD Ports: openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: openssl\n\nCVE-2010-3864\nMultiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through\n0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching\nare enabled on a TLS server, might allow remote attackers to execute\narbitrary code via client data that triggers a heap-based buffer\noverflow, related to (1) the TLS server name extension and (2)\nelliptic curve cryptography.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://openssl.org/news/secadv_20101116.txt\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/3042c33a-f237-11df-9d02-0018fe623f2b.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_2\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:37", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-01-09T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831251", "id": "OPENVAS:1361412562310831251", "title": "Mandriva Update for openssl MDVSA-2010:238 (openssl)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2010:238 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered in openssl that causes a race condition\n within the TLS extension parsing code and which can be exploited to\n cause a heap-based buffer overflow (CVE-2010-3864).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"openssl on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00032.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831251\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:238\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Mandriva Update for openssl MDVSA-2010:238 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.8mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.5mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8k~5.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:51", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1018-1", "modified": "2017-12-01T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840540", "id": "OPENVAS:840540", "title": "Ubuntu Update for openssl vulnerability USN-1018-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1018_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for openssl vulnerability USN-1018-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Rob Hulswit discovered a race condition in the OpenSSL TLS server\n extension parsing code when used within a threaded server. A remote\n attacker could trigger this flaw to cause a denial of service\n or possibly execute arbitrary code with application privileges.\n (CVE-2010-3864)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1018-1\";\ntag_affected = \"openssl vulnerability on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1018-1/\");\n script_id(840540);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1018-1\");\n script_cve_id(\"CVE-2010-3864\");\n script_name(\"Ubuntu Update for openssl vulnerability USN-1018-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-16ubuntu3.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-udeb\", ver:\"0.9.8o-1ubuntu4.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-4ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:56", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-12-25T00:00:00", "published": "2010-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862721", "id": "OPENVAS:862721", "title": "Fedora Update for openssl FEDORA-2010-18765", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-18765\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 14\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html\");\n script_id(862721);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18765\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-3864\");\n script_name(\"Fedora Update for openssl FEDORA-2010-18765\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0c~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-08T12:48:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068704", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068704", "title": "FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsdsa_openssl8.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from ADV FreeBSD-SA-10:10.openssl.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68704\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-2939\");\n script_name(\"FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdpatchlevel\");\n\n script_tag(name:\"insight\", value:\"FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nA race condition exists in the OpenSSL TLS server extension code\nparsing when used in a multi-threaded application, which uses\nOpenSSL's internal caching mechanism. The race condition can lead to\na buffer overflow. [CVE-2010-3864]\n\nA double free exists in the SSL client ECDH handling code, when\nprocessing specially crafted public keys with invalid prime\nnumbers. [CVE-2010-2939]\");\n\n script_tag(name:\"solution\", value:\"Upgrade your system to the appropriate stable release\n or security branch dated after the correction date.\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-10:10.openssl.asc\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\n\nif(patchlevelcmp(rel:\"8.1\", patchlevel:\"2\")<0) {\n vuln = TRUE;\n}\nif(patchlevelcmp(rel:\"8.0\", patchlevel:\"6\")<0) {\n vuln = TRUE;\n}\nif(patchlevelcmp(rel:\"7.3\", patchlevel:\"4\")<0) {\n vuln = TRUE;\n}\nif(patchlevelcmp(rel:\"7.1\", patchlevel:\"16\")<0) {\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(port:0);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:11:26", "bulletinFamily": "scanner", "description": "The following issue has been fixed :\n\n - Multithreaded OpenSSL servers using the TLS server\n extension were vulnerable to a buffer overrun attack.\n CVE-2010-3864 has been assigned to this issue.", "modified": "2013-10-25T00:00:00", "published": "2010-12-02T00:00:00", "id": "SUSE_11_LIBOPENSSL-DEVEL-101111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50939", "title": "SuSE 11 Security Update : libopenssl (SAT Patch Number 3509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50939);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:00 $\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"SuSE 11 Security Update : libopenssl (SAT Patch Number 3509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issue has been fixed :\n\n - Multithreaded OpenSSL servers using the TLS server\n extension were vulnerable to a buffer overrun attack.\n CVE-2010-3864 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3864.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3509.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"openssl-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"openssl-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libopenssl0_9_8-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openssl-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openssl-doc-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.22.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.22.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:04", "bulletinFamily": "scanner", "description": "Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack. CVE-2010-3864 has been assigned\nto this issue.", "modified": "2018-11-10T00:00:00", "published": "2011-05-05T00:00:00", "id": "SUSE_11_1_LIBOPENSSL-DEVEL-101111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53675", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-3507.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53675);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-1)\");\n script_summary(english:\"Check for the libopenssl-devel-3507 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack. CVE-2010-3864 has been assigned\nto this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libopenssl-devel-0.9.8h-28.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libopenssl0_9_8-0.9.8h-28.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openssl-0.9.8h-28.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-28.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:20", "bulletinFamily": "scanner", "description": "OpenSSL Team reports :\n\nRob Hulswit has found a flaw in the OpenSSL TLS server extension code\nparsing which on affected servers can be exploited in a buffer overrun\nattack.\n\nAny OpenSSL based TLS server is vulnerable if it is multi-threaded and\nuses OpenSSL's internal caching mechanism. Servers that are\nmulti-process and/or disable internal session caching are NOT\naffected.\n\nIn particular the Apache HTTP server (which never uses OpenSSL\ninternal caching) and Stunnel (which includes its own workaround) are\nNOT affected.", "modified": "2018-12-19T00:00:00", "published": "2010-11-18T00:00:00", "id": "FREEBSD_PKG_3042C33AF23711DF9D020018FE623F2B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50627", "title": "FreeBSD : openssl -- TLS extension parsing race condition (3042c33a-f237-11df-9d02-0018fe623f2b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50627);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"FreeBSD : openssl -- TLS extension parsing race condition (3042c33a-f237-11df-9d02-0018fe623f2b)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL Team reports :\n\nRob Hulswit has found a flaw in the OpenSSL TLS server extension code\nparsing which on affected servers can be exploited in a buffer overrun\nattack.\n\nAny OpenSSL based TLS server is vulnerable if it is multi-threaded and\nuses OpenSSL's internal caching mechanism. Servers that are\nmulti-process and/or disable internal session caching are NOT\naffected.\n\nIn particular the Apache HTTP server (which never uses OpenSSL\ninternal caching) and Stunnel (which includes its own workaround) are\nNOT affected.\"\n );\n # http://openssl.org/news/secadv/20101116.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20101116.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/3042c33a-f237-11df-9d02-0018fe623f2b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c36a26d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.0_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:03", "bulletinFamily": "scanner", "description": "According to its banner, the remote server is running a version of \nOpenSSL that is earlier than 0.9.8p / 1.0.0b.\n\nIf a TLS server is multithreaded and uses the SSL cache, a remote\nattacker could trigger a buffer overflow and crash the server or run\narbitrary code.", "modified": "2018-07-16T00:00:00", "published": "2012-01-04T00:00:00", "id": "OPENSSL_0_9_8P_1_0_0B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17766", "title": "OpenSSL < 0.9.8p / 1.0.0b Buffer Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17766);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2010-3864\");\n script_bugtraq_id(44884);\n\n script_name(english:\"OpenSSL < 0.9.8p / 1.0.0b Buffer Overflow\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of \nOpenSSL that is earlier than 0.9.8p / 1.0.0b.\n\nIf a TLS server is multithreaded and uses the SSL cache, a remote\nattacker could trigger a buffer overflow and crash the server or run\narbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20101116.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8p / 1.0.0b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:make_list('0.9.8p', '1.0.0b'), severity:SECURITY_HOLE);\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:00", "bulletinFamily": "scanner", "description": "Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack (CVE-2010-3864).", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_3_LIBOPENSSL-DEVEL-101119.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75593", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-3562.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75593);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)\");\n script_summary(english:\"Check for the libopenssl-devel-3562 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack (CVE-2010-3864).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl-devel-1.0.0-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl0_9_8-0.9.8m-3.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl1_0_0-1.0.0-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openssl-1.0.0-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8m-3.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0-6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:06", "bulletinFamily": "scanner", "description": "Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack (CVE-2010-3864).", "modified": "2018-11-10T00:00:00", "published": "2011-05-05T00:00:00", "id": "SUSE_11_2_LIBOPENSSL-DEVEL-101119.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53750", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-3562.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53750);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)\");\n script_summary(english:\"Check for the libopenssl-devel-3562 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multithreaded OpenSSL servers using the TLS server extension are\nvulnerable to a buffer overrun attack (CVE-2010-3864).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libopenssl-devel-0.9.8k-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libopenssl0_9_8-0.9.8k-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openssl-0.9.8k-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8k-3.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server\nextension parsing code, which could affect some multithreaded OpenSSL\napplications. Under certain specific conditions, it may be possible\nfor a remote attacker to trigger this race condition and cause such an\napplication to crash, or possibly execute arbitrary code with the\npermissions of the application. (CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to\nRed Hat Bugzilla bug 649304 for more technical details on how to\ndetermine if your application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.", "modified": "2018-11-28T00:00:00", "published": "2010-11-18T00:00:00", "id": "REDHAT-RHSA-2010-0888.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50642", "title": "RHEL 6 : openssl (RHSA-2010:0888)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0888. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50642);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-3864\");\n script_bugtraq_id(44884);\n script_xref(name:\"RHSA\", value:\"2010:0888\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2010:0888)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA race condition flaw has been found in the OpenSSL TLS server\nextension parsing code, which could affect some multithreaded OpenSSL\napplications. Under certain specific conditions, it may be possible\nfor a remote attacker to trigger this race condition and cause such an\napplication to crash, or possibly execute arbitrary code with the\npermissions of the application. (CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server. Refer to\nRed Hat Bugzilla bug 649304 for more technical details on how to\ndetermine if your application is affected.\n\nRed Hat would like to thank Rob Hulswit for reporting this issue.\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0888\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0888\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-4.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-4.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "A flaw has been found in the OpenSSL TLS server extension code parsing\nwhich on affected servers can be exploited in a buffer overrun attack.\nThis allows an attacker to cause an application crash or potentially\nto execute arbitrary code.\n\nHowever, not all OpenSSL based SSL/TLS servers are vulnerable: a\nserver is vulnerable if it is multi-threaded and uses OpenSSL's\ninternal caching mechanism. In particular the Apache HTTP server\n(which never uses OpenSSL internal caching) and Stunnel (which\nincludes its own workaround) are NOT affected.", "modified": "2018-11-10T00:00:00", "published": "2010-11-24T00:00:00", "id": "DEBIAN_DSA-2125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50696", "title": "Debian DSA-2125-1 : openssl - buffer overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2125. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50696);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-3864\");\n script_bugtraq_id(44884);\n script_xref(name:\"DSA\", value:\"2125\");\n\n script_name(english:\"Debian DSA-2125-1 : openssl - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw has been found in the OpenSSL TLS server extension code parsing\nwhich on affected servers can be exploited in a buffer overrun attack.\nThis allows an attacker to cause an application crash or potentially\nto execute arbitrary code.\n\nHowever, not all OpenSSL based SSL/TLS servers are vulnerable: a\nserver is vulnerable if it is multi-threaded and uses OpenSSL's\ninternal caching mechanism. In particular the Apache HTTP server\n(which never uses OpenSSL internal caching) and Stunnel (which\nincludes its own workaround) are NOT affected.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2125\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nThis upgrade fixes this issue. After the upgrade, any services using\nthe openssl libraries need to be restarted. The checkrestart script\nfrom the debian-goodies package or lsof can help to find out which\nservices need to be restarted.\n\nA note to users of the tor packages from the Debian backports or\nDebian volatile: this openssl update causes problems with some\nversions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or\n0.2.1.26-1~lennyvolatile2, respectively. The tor package version\n0.2.0.35-1~lenny2 from Debian stable is not affected by these\nproblems.\n\nFor the stable distribution (lenny), the problem has been fixed in\nopenssl version 0.9.8g-15+lenny9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libssl-dev\", reference:\"0.9.8g-15+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8g-15+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8g-15+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:23", "bulletinFamily": "scanner", "description": "A race condition flaw has been found in the OpenSSL TLS server\nextension parsing code, which could affect some multithreaded OpenSSL\napplications. Under certain specific conditions, it may be possible\nfor a remote attacker to trigger this race condition and cause such an\napplication to crash, or possibly execute arbitrary code with the\npermissions of the application. (CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server.\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20101116_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60899", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60899);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-3864\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw has been found in the OpenSSL TLS server\nextension parsing code, which could affect some multithreaded OpenSSL\napplications. Under certain specific conditions, it may be possible\nfor a remote attacker to trigger this race condition and cause such an\napplication to crash, or possibly execute arbitrary code with the\npermissions of the application. (CVE-2010-3864)\n\nNote that this issue does not affect the Apache HTTP Server.\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=5661\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72bd1e3a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.0-4.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.0-4.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.0-4.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.0-4.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "This is a minor update from upstream fixing one race condition\ntheoretically exploitable from remote connections in some SSL servers\n(CVE-2010-3864). There are also a few additional bug fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-11-22T00:00:00", "id": "FEDORA_2010-17847.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50675", "title": "Fedora 13 : openssl-1.0.0b-1.fc13 (2010-17847)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17847.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50675);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-3864\");\n script_bugtraq_id(44884);\n script_xref(name:\"FEDORA\", value:\"2010-17847\");\n\n script_name(english:\"Fedora 13 : openssl-1.0.0b-1.fc13 (2010-17847)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a minor update from upstream fixing one race condition\ntheoretically exploitable from remote connections in some SSL servers\n(CVE-2010-3864). There are also a few additional bug fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649304\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?685c0f14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"openssl-1.0.0b-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:18", "bulletinFamily": "unix", "description": "\nOpenSSL Team reports:\n\nRob Hulswit has found a flaw in the OpenSSL TLS server extension\n\t code parsing which on affected servers can be exploited in a buffer\n\t overrun attack.\nAny OpenSSL based TLS server is vulnerable if it is multi-threaded\n\t and uses OpenSSL's internal caching mechanism. Servers that are\n\t multi-process and/or disable internal session caching are NOT\n\t affected.\nIn particular the Apache HTTP server (which never uses OpenSSL\n\t internal caching) and Stunnel (which includes its own workaround)\n\t are NOT affected.\n\n", "modified": "2010-10-08T00:00:00", "published": "2010-10-08T00:00:00", "id": "3042C33A-F237-11DF-9D02-0018FE623F2B", "href": "https://vuxml.freebsd.org/freebsd/3042c33a-f237-11df-9d02-0018fe623f2b.html", "title": "openssl -- TLS extension parsing race condition", "type": "freebsd", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Race conditions with buffer overflow.", "modified": "2010-11-19T00:00:00", "published": "2010-11-19T00:00:00", "id": "SECURITYVULNS:VULN:11264", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11264", "title": "OpenSSL buffer overflow", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02794777\r\nVersion: 1\r\n\r\nHPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information\r\nDisclosure, Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-04-19\r\nLast Updated: 2011-04-19\r\n\r\nPotential Security Impact: Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure, Denial of Servce (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be exploited remotely to allow unauthorized elevation\r\nof privilege, execution of arbitrary code, encryption downgrade, information disclosure, and Denial of Service (DoS).\r\n\r\nReferences: CVE-2010-3864, CVE-2010-4180, CVE-2011-0014, CVE-2011-0539, CVE-2011-1535 (privilege elevation)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nInsight Control for Linux (IC-Linux) prior to v6.3\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\r\nCVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2011-0539 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2011-1535 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made Insight Control for Linux (IC-Linux) v6.3 or subsequent available to resolve the vulnerabilities.\r\n\r\nThe product kit is available here:\r\n\r\nhttp://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html\r\n\r\nThe product kit is also available here: http://www.hp.com/go/ice-lx\r\n\r\nHISTORY\r\nVersion:1 (rev.1) 19 April 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's\r\npatch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software\r\nproducts to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this\r\nBulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this\r\ninformation is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the\r\ninformation provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and\r\nfitness for a particular purpose, title and non-infringement."\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any\r\nkind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime\r\ncost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United\r\nStates and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2tjMAACgkQ4B86/C0qfVl2pgCgwXGSztItJz2iVYtrtl3ojJOY\r\nzlUAn2Tq9aUUHLrw2Ei3r7UGhWTooHh0\r\n=d+fD\r\n-----END PGP SIGNATURE-----", "modified": "2011-04-26T00:00:00", "published": "2011-04-26T00:00:00", "id": "SECURITYVULNS:DOC:26212", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26212", "title": "[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Privilege escalation, code execution, information leakage, DoS.", "modified": "2011-04-26T00:00:00", "published": "2011-04-26T00:00:00", "id": "SECURITYVULNS:VULN:11624", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11624", "title": "HP Insight Control multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "About the security content of Mac OS X v10.6.8 and Security Update 2011-004\r\n\r\n Last Modified: June 23, 2011\r\n Article: HT4723\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security\r\nMac OS X v10.6.8 and Security Update 2011-004\r\n\r\n AirPort\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset\r\n\r\n Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0196\r\n\r\n App Store\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: The user's AppleID password may be logged to a local file\r\n\r\n Description: In certain circumstances, App Store may log the user's AppleID password to a file that is not readable by other users on the system. This issue is addressed through improved handling of credentials.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0197 : Paul Nelson\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team\r\n\r\n Certificate Trust Policy\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information\r\n\r\n Description: An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid. This issue is mitigated as most EV certificates specify an OCSP URL.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0199 : Chris Hawk and Wan-Teh Chang of Google\r\n\r\n ColorSync\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative\r\n\r\n CoreFoundation\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0201 : Harry Sintonen\r\n\r\n CoreGraphics\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team\r\n\r\n FTP Server\r\n\r\n Available for: Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A person with FTP access may list files on the system\r\n\r\n Description: A path validation issue existed in xftpd. A person with FTP access may perform a recursive directory listing starting from the root, including directories that are not shared for FTP. The listing will eventually include any file that would be accessible to the FTP user. The contents of files are not disclosed. This issue is addressed through improved path validation. This issue only affects Mac OS X Server systems.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0203 : team karlkani\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG2000 images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0205 : Harry Sintonen\r\n\r\n International Components for Unicode\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\n Kernel\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A local user may be able to cause a system reset\r\n\r\n Description: A null dereference issue existed in the handling of IPV6 socket options. A local user may be able to cause a system reset.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-1132 : Thomas Clement of Intego\r\n\r\n Libsystem\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications which use the glob(3) API may be vulnerable to a denial of service\r\n\r\n Description: Applications which use the glob(3) API may be vulnerable to a denial of service. If the glob pattern comes from untrusted input, the application may hang or use excessive CPU resources. This issue is addressed through improved validation of glob patterns.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-2632 : Maksymilian Arciemowicz\r\n\r\n libxslt\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap\r\n\r\n Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0195 : Chris Evans of the Google Chrome Security Team\r\n\r\n MobileMe\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: An attacker with a privileged network position may read a user's MobileMe email aliases\r\n\r\n Description: When communicating with MobileMe to determine a user's email aliases, Mail will make requests over HTTP. As a result, an attacker with a privileged network position may read a user's MobileMe email aliases. This issue is addressed by using SSL to access the user's email aliases.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0207 : Aaron Sigel of vtty.com\r\n\r\n MySQL\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.91\r\n\r\n Description: MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3677\r\n\r\n CVE-2010-3682\r\n\r\n CVE-2010-3833\r\n\r\n CVE-2010-3834\r\n\r\n CVE-2010-3835\r\n\r\n CVE-2010-3836\r\n\r\n CVE-2010-3837\r\n\r\n CVE-2010-3838\r\n\r\n OpenSSL\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Multiple vulnerabilities in OpenSSL\r\n\r\n Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.\r\n\r\n CVE-ID\r\n\r\n CVE-2009-3245\r\n\r\n CVE-2010-0740\r\n\r\n CVE-2010-3864\r\n\r\n CVE-2010-4180\r\n\r\n CVE-2011-0014\r\n\r\n patch\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten\r\n\r\n Description: A directory traversal issue existed in GNU patch. Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten. This issue is addressed through improved validation of patch files.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4651\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0208 : Tobias Klein working with iDefense VCP\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in QuickTime's handling of PICT images. Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3790 : Subreption LLC working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0213 : Luigi Auriemma working with iDefense\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X 10.6.7.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3069\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in Samba's handling of file descriptors. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0719 : Volker Lendecke of SerNet\r\n\r\n servermgrd\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A remote attacker may be able to read arbitrary files from the system\r\n\r\n Description: An XML External Entity issue exists in servermgrd's handling of XML-RPC requests. This issue is addressed by removing servermgrd's XML-RPC interface. This issue only affects Mac OS X Server systems.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0212 : Apple\r\n\r\n subversion\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service\r\n\r\n Description: A null dereference issue existed in Subversion's handling of lock tokens sent over HTTP. If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service. For Mac OS X v10.6 systems, Subversion is updated to version 1.6.6. For Mac OS X v10.5.8 systems, the issue is addressed through additional validation of lock tokens. Further information is available via the Subversion web site at http://subversion.tigris.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0715\r\n\r\n", "modified": "2011-07-04T00:00:00", "published": "2011-07-04T00:00:00", "id": "SECURITYVULNS:DOC:26596", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26596", "title": "About the security content of Mac OS X v10.6.8 and Security Update 2011-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "DoS conditions, buffer overflows, information leaks, code execution in different subsystems.", "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "SECURITYVULNS:VULN:11754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11754", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:36", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2125-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 22, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian Bug : 603709\nCVE Id(s) : CVE-2010-3864\n\nA flaw has been found in the OpenSSL TLS server extension code parsing\nwhich on affected servers can be exploited in a buffer overrun attack.\nThis allows an attacker to cause an appliation crash or potentially to\nexecute arbitrary code.\n\nHowever, not all OpenSSL based SSL/TLS servers are vulnerable: A server\nis vulnerable if it is multi-threaded and uses OpenSSL's internal caching\nmechanism. In particular the Apache HTTP server (which never uses OpenSSL\ninternal caching) and Stunnel (which includes its own workaround) are NOT\naffected.\n\nThis upgrade fixes this issue. After the upgrade, any services using the\nopenssl libraries need to be restarted. The checkrestart script from the\ndebian-goodies package or lsof can help to find out which services need\nto be restarted.\n\nA note to users of the tor packages from the Debian backports or Debian\nvolatile: This openssl update causes problems with some versions of tor.\nYou need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2,\nrespectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable\nis not affected by these problems.\n\nFor the stable distribution (lenny), the problem has been fixed in\nopenssl version 0.9.8g-15+lenny9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.9.8o-3.\n\nWe recommend that you upgrade your openssl packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc\n Size/MD5 checksum: 1973 1efb69f23999507bf2e74f5b848744af\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz\n Size/MD5 checksum: 60451 9aba44ed40b0c9c8ec82bd6cd33c44b8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 2583248 3b3f0cbec4ec28eb310466237648db8f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 1028998 79fe8cdd601aecd9f956033a04fb8da5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb\n Size/MD5 checksum: 722114 a388304bf86381229c306e79a5e85bf8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 4369318 c3cf8c7ec27f86563c34f45e986e17c4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 975850 778916e8b0df8e216121cd5185d7ca43\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb\n Size/MD5 checksum: 638414 9ea111d66ac5f394d35fb69defa5dd27\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 1627632 9f08e1da5cf9279cee4700e89dc6ee6d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 1043320 9ada82a7417c0d714a38c3a7184c2401\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb\n Size/MD5 checksum: 536038 a9c90bb3ad326fa43c1285c1768df046\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 2087048 bded4e624fcf0791ae0885aa18d99123\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 1028894 20784774078f02ef7e9db2ddbd7d5548\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 1490666 700c80efddb108b3e2a65373cc10dcc8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 844426 4cad5651a6d37ab19fb80b05a423598d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 1029206 6c6c35731ecacfc0280520097ee183d4\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb\n Size/MD5 checksum: 540780 3b9ab48015bbd4dfc1ab205b42f1113d\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 2100958 fbf2c222a504e09e30f73cb0740a73a5\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 850286 3e656a0805eb31600f8e3e520a2a6e36\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 2268562 8cb4805915dfde8326fde4281c9aaa76\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 969104 805c95116706c82051a5d08efce729e5\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 1047026 2e06d411c0a8764db3504638d3b59ef9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 1528456 de6a4129635ee4565696198ce3423674\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb\n Size/MD5 checksum: 634504 bab8594389626190b71ee97bfb46fa71\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 2108452 d75ba6c13fc77dd3eefddde480a05231\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 5393290 14bf0f44b8c802e47834234be834d80b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 2977384 bf4c26767b006694843d036ebdca132a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb\n Size/MD5 checksum: 591782 bf5007e22e4bd31445458a5379086103\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 1035868 64085f2b106009533bda0309f08548af\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 2666530 42cdae406ce22e3e538f0d744f043a39\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1465582 33c84255a9515a9a528cbf3df9398ef5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb\n Size/MD5 checksum: 865352 9cbc10e393eb3d30d34ea384c6f1f9f5\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1105090 cc7485d310d4770c2b1e93c6d74dcc2b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1280654 fde186a4983ac6cafcd3d5ec7e1d6f98\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 1025868 8b7f565c4c0a15b15f20f2e074bb503a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 900162 391ac436c8d7ed7b55a8ea9e90c7d8be\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 2307960 227ac5c7b409d061222b94bc40e8cd18\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 1622826 8a4f73d6cd497076490404a2dade26ba\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb\n Size/MD5 checksum: 585108 d8447df55a530959b6cd9d5d3039c0da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 1012186 4a154b5c4d864f7dcd0bf019dfb41c5d\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 1588308 1222eb6b1870602335ef0722b7047b6a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb\n Size/MD5 checksum: 572370 a2535f616be099e9361a55637c3375d3\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 2295070 7446121759684083870d5ae0d26969c0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 885668 3745e7c578002628f78f02bd5afeb84f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 1643808 43814c865d098046bc1dca1920820354\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 1047060 5c45e5a5d02f856cb9dc29029d0b5557\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb\n Size/MD5 checksum: 656166 309fdeebe15bbecbe8c55dbd5ddbdd3a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 997540 f4bf73493f3964b8a23bdd424694f079\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 2251238 35f6f59b07e57eb538da19545a733d5f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb\n Size/MD5 checksum: 693040 26cab41169c6b8f64ce7936a2ea65a7b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1051130 f67b4fd152e1175f81022ffd345d6c78\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 2231782 c7796fff8c97bbf0c5ab69440cbd50f9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1602496 a9595ac98fc11015dd4bb2634416197b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1024562 ff293933ef4eb5e952659fe7caf82c8b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 2290536 e5c655fbcc524fe7bb56945cc8b2f5d1\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 2146488 d0c17736c2b26a97491e34321ffff3f5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb\n Size/MD5 checksum: 580510 28ab74855c8a34bb002b44fd7ecb8997\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 1043044 d78ffaf44d1177b05fa0cfb02d76128a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-11-22T20:17:14", "published": "2010-11-22T20:17:14", "id": "DEBIAN:DSA-2125-1:26495", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00176.html", "title": "[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:29", "bulletinFamily": "unix", "description": "Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2010-3864)", "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "USN-1018-1", "href": "https://usn.ubuntu.com/1018-1/", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:55", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/openssl-0.9.8p-i486-1_slack13.1.txz: Rebuilt.\n This OpenSSL update contains some security related bugfixes.\n For more information, see the included CHANGES and NEWS files, and:\n http://www.openssl.org/news/secadv_20101116.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n (* Security fix *)\npatches/packages/openssl-solibs-0.9.8p-i486-1_slack13.1.txz: Rebuilt.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8p-i486-1_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8p-i486-1_slack11.0.tgz\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8p-i486-1_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8p-i486-1_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8p-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8p-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8p-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8p-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8p-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8p-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8p-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8p-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8p-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8p-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8p-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8p-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8p-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8p-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8p-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8p-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 packages:\n4afbe28d45b8a2308300117677d3fe55 openssl-0.9.8p-i486-1_slack11.0.tgz\n86e5c3024bb98af3b8f95dea0d25ddb1 openssl-solibs-0.9.8p-i486-1_slack11.0.tgz\n\nSlackware 12.0 packages:\nb6ca9a74664750269ff8d496619d7864 openssl-0.9.8p-i486-1_slack12.0.tgz\nb8933914f64907f0251beada06ca8325 openssl-solibs-0.9.8p-i486-1_slack12.0.tgz\n\nSlackware 12.1 packages:\n714055dcb36d66df90dd3ab39d1a8ffc openssl-0.9.8p-i486-1_slack12.1.tgz\n44721199ecb279310c1c78823aca2642 openssl-solibs-0.9.8p-i486-1_slack12.1.tgz\n\nSlackware 12.2 packages:\nf056a02b0c6ee9bbbd2351779104a5b5 openssl-0.9.8p-i486-1_slack12.2.tgz\nacd1c70ff6809c1395b238172c159c07 openssl-solibs-0.9.8p-i486-1_slack12.2.tgz\n\nSlackware 13.0 packages:\nc016754f3c6423bbe316d62fd0c2e7cc openssl-0.9.8p-i486-1_slack13.0.txz\ne32ed64837187409745c13726ec93c9b openssl-solibs-0.9.8p-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n683ccd42679217f50cfde53ce78c14c2 openssl-0.9.8p-x86_64-1_slack13.0.txz\nb8302ed88259a4d075ec6577a5b68f4e openssl-solibs-0.9.8p-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\nb11344999caa9758c005e9cf4ca569de openssl-0.9.8p-i486-1_slack13.1.txz\n841a5ac55f7fc5192018740998ac33ce openssl-solibs-0.9.8p-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n9fc9e76fa50989b6e5e610f9aae01a83 openssl-0.9.8p-x86_64-1_slack13.1.txz\nabcdafbc53666b5b646ad6e7349ae987 openssl-solibs-0.9.8p-x86_64-1_slack13.1.txz\n\nSlackware -current packages:\n354568cef2205d0fde6a72c9768f4609 openssl-solibs-0.9.8p-i486-1.txz\n83316eab3f9f4bf90e5ffb003fee9eba openssl-0.9.8p-i486-1.txz\n\nSlackware x86_64 -current packages:\n74bae522783c8af4874b82e1ac6cb0de openssl-solibs-0.9.8p-x86_64-1.txz\na53b35c6a75c00d7d3b4dcec3cf4cdcd openssl-0.9.8p-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-0.9.8p-i486-1_slack13.1.txz openssl-solibs-0.9.8p-i486-1_slack13.1.txz", "modified": "2010-11-21T23:07:48", "published": "2010-11-21T23:07:48", "id": "SSA-2010-326-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793", "title": "openssl", "type": "slackware", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:53", "bulletinFamily": "unix", "description": "[1.0.0-4.2]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-4.1]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)", "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2010-0979", "href": "http://linux.oracle.com/errata/ELSA-2010-0979.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:18", "bulletinFamily": "unix", "description": "[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)", "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0677", "href": "http://linux.oracle.com/errata/ELSA-2011-0677.html", "title": "openssl security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:50", "bulletinFamily": "unix", "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- a d d e a p - f a s t s u p p o r t ( # 4 2 8 1 8 1 ) b r > - a d d p o s s i b i l i t y t o d i s a b l e z l i b b y s e t t i n g b r > - a d d f i p s m o d e s u p p o r t f o r t e s t i n g p u r p o s e s b r > - d o n o t n u l l d e r e f e r e n c e o n s o m e i n v a l i d s m i m e f i l e s b r > - a d d b u i l d r e q u i r e s p k g c o n f i g ( # 4 7 9 4 9 3 ) b r > b r > [ 0 . 9 . 8 g - 1 1 ] b r > - d o n o t a d d t l s e x t e n s i o n s t o s e r v e r h e l l o f o r S S L v 3 e i t h e r b r > b r > [ 0 . 9 . 8 g - 1 0 ] b r > - m o v e r o o t C A b u n d l e t o c a - c e r t i f i c a t e s p a c k a g e b r > b r > [ 0 . 9 . 8 g - 9 ] b r > - f i x C V E - 2 0 0 8 - 0 8 9 1 - s e r v e r n a m e e x t e n s i o n c r a s h ( # 4 4 8 4 9 2 ) b r > - f i x C V E - 2 0 0 8 - 1 6 7 2 - s e r v e r k e y e x c h a n g e m e s s a g e o m i t c r a s h ( # 4 4 8 4 9 5 ) b r > b r > [ 0 . 9 . 8 g - 8 ] b r > - s u p e r - H a r c h s u p p o r t b r > - d r o p w o r k a r o u n d f o r b u g 1 9 9 6 0 4 a s i t s h o u l d b e f i x e d i n g c c - 4 . 3 b r > b r > [ 0 . 9 . 8 g - 7 ] b r > - s p a r c h a n d l i n g b r > b r > [ 0 . 9 . 8 g - 6 ] b r > - u p d a t e t o n e w r o o t C A b u n d l e f r o m m o z i l l a . o r g ( r 1 . 4 5 ) b r > b r > [ 0 . 9 . 8 g - 5 ] b r > - A u t o r e b u i l d f o r G C C 4 . 3 b r > b r > [ 0 . 9 . 8 g - 4 ] b r > - m e r g e r e v i e w f i x e s ( # 2 2 6 2 2 0 ) b r > - a d j u s t t h e S H L I B _ V E R S I O N _ N U M B E R t o r e f l e c t l i b r a r y n a m e ( # 4 2 9 8 4 6 ) b r > b r > [ 0 . 9 . 8 g - 3 ] b r > - s e t d e f a u l t p a t h s w h e n n o e x p l i c i t p a t h s a r e s e t ( # 4 1 8 7 7 1 ) b r > - d o n o t a d d t l s e x t e n s i o n s t o c l i e n t h e l l o f o r S S L v 3 ( # 4 2 2 0 8 1 ) b r > b r > [ 0 . 9 . 8 g - 2 ] b r > - e n a b l e s o m e n e w c r y p t o a l g o r i t h m s a n d f e a t u r e s b r > - a d d s o m e m o r e i m p o r t a n t b u g f i x e s f r o m o p e n s s l C V S b r > b r > [ 0 . 9 . 8 g - 1 ] b r > - u p d a t e t o l a t e s t u p s t r e a m r e l e a s e , S O N A M E b u m p e d t o 7 b r > b r > [ 0 . 9 . 8 b - 1 7 ] b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g b r > b r > [ 0 . 9 . 8 b - 1 6 ] b r > - f i x C V E - 2 0 0 7 - 5 1 3 5 - o f f - b y - o n e i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 3 0 9 8 0 1 ) b r > - f i x C V E - 2 0 0 7 - 4 9 9 5 - o u t o f o r d e r D T L S f r a g m e n t s b u f f e r o v e r f l o w ( # 3 2 1 1 9 1 ) b r > - a d d a l p h a s u b - a r c h s ( # 2 9 6 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 5 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 1 4 ] b r > - u s e l o c a l h o s t i n t e s t s u i t e , h o p e f u l l y f i x e s s l o w b u i l d i n k o j i b r > - C V E - 2 0 0 7 - 3 1 0 8 - f i x s i d e c h a n n e l a t t a c k o n p r i v a t e k e y s ( # 2 5 0 5 7 7 ) b r > - m a k e s s l s e s s i o n c a c h e i d m a t c h i n g s t r i c t ( # 2 3 3 5 9 9 ) b r > b r > [ 0 . 9 . 8 b - 1 3 ] b r > - a l l o w b u i l d i n g o n A R M a r c h i t e c t u r e s ( # 2 4 5 4 1 7 ) b r > - u s e r e f e r e n c e t i m e s t a m p s t o p r e v e n t m u l t i l i b c o n f l i c t s ( # 2 1 8 0 6 4 ) b r > - - d e v e l p a c k a g e m u s t r e q u i r e p k g c o n f i g ( # 2 4 1 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 2 ] b r > - d e t e c t d u p l i c a t e s i n a d d _ d i r p r o p e r l y ( # 2 0 6 3 4 6 ) b r > b r > [ 0 . 9 . 8 b - 1 1 ] b r > - t h e p r e v i o u s c h a n g e s t i l l d i d n ' t m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e b r > b r > [ 0 . 9 . 8 b - 1 0 ] b r > - m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e o t h e r w i s e c e r t i f i c a t e l o o k u p b r > i s b r o k e n ( # 2 1 6 0 5 0 ) b r > b r > [ 0 . 9 . 8 b - 9 ] b r > - a l i a s i n g b u g i n e n g i n e l o a d i n g , p a t c h b y I B M ( # 2 1 3 2 1 6 ) b r > b r > [ 0 . 9 . 8 b - 8 ] b r > - C V E - 2 0 0 6 - 2 9 4 0 f i x w a s i n c o r r e c t ( # 2 0 8 7 4 4 ) b r > b r > [ 0 . 9 . 8 b - 7 ] b r > - f i x C V E - 2 0 0 6 - 2 9 3 7 - m i s h a n d l e d e r r o r o n A S N . 1 p a r s i n g ( # 2 0 7 2 7 6 ) b r > - f i x C V E - 2 0 0 6 - 2 9 4 0 - p a r a s i t i c p u b l i c k e y s D o S ( # 2 0 7 2 7 4 ) b r > - f i x C V E - 2 0 0 6 - 3 7 3 8 - b u f f e r o v e r f l o w i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 2 0 6 9 4 0 ) b r > - f i x C V E - 2 0 0 6 - 4 3 4 3 - s s l v 2 c l i e n t D o S ( # 2 0 6 9 4 0 ) b r > b r > [ 0 . 9 . 8 b - 6 ] b r > - f i x C V E - 2 0 0 6 - 4 3 3 9 - p r e v e n t a t t a c k o n P K C S # 1 v 1 . 5 s i g n a t u r e s ( # 2 0 5 1 8 0 ) b r > b r > [ 0 . 9 . 8 b - 5 ] b r > - s e t b u f f e r i n g t o n o n e o n s t d i o / s t d o u t F I L E w h e n b u f s i z e i s s e t ( # 2 0 0 5 8 0 ) b r > p a t c h b y I B M b r > b r > [ 0 . 9 . 8 b - 4 . 1 ] b r > - r e b u i l d w i t h n e w b i n u t i l s ( # 2 0 0 3 3 0 ) b r > b r > [ 0 . 9 . 8 b - 4 ] b r > - a d d a t e m p o r a r y w o r k a r o u n d f o r s h a 5 1 2 t e s t f a i l u r e o n s 3 9 0 ( # 1 9 9 6 0 4 ) b r > b r > * T h u J u l 2 0 2 0 0 6 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - a d d i p v 6 s u p p o r t t o s _ c l i e n t a n d s _ s e r v e r ( b y J a n P a z d z i o r a ) ( # 1 9 8 7 3 7 ) b r > - a d d p a t c h e s f o r B N t h r e a d s a f e t y , A E S c a c h e c o l l i s i o n a t t a c k h a z a r d f i x a n d b r > p k c s 7 c o d e m e m l e a k f i x f r o m u p s t r e a m C V S b r > b r > [ 0 . 9 . 8 b - 3 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 3 ] b r > - d r o p p e d l i b i c a a n d i c a e n g i n e f r o m b u i l d b r > b r > * W e d J u n 2 1 2 0 0 6 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g ; a d d s C A c e r t i f i c a t e s b r > f r o m n e t l o c k . h u a n d s t a r t c o m . o r g b r > b r > [ 0 . 9 . 8 b - 2 ] b r > - f i x e d a f e w r p m l i n t w a r n i n g s b r > - b e t t e r f i x f o r # 1 7 3 3 9 9 f r o m u p s t r e a m b r > - u p s t r e a m f i x f o r p k c s 1 2 b r > b r > [ 0 . 9 . 8 b - 1 ] b r > - u p g r a d e t o n e w v e r s i o n , s t a y s A B I c o m p a t i b l e b r > - t h e r e i s n o m o r e l i n u x / c o n f i g . h ( i t w a s e m p t y a n y w a y ) b r > b r > [ 0 . 9 . 8 a - 6 ] b r > - f i x s t a l e o p e n h a n d l e s i n l i b i c a ( # 1 7 7 1 5 5 ) b r > - f i x b u i l d i f ' r a n d ' o r ' p a s s w d ' i n b u i l d r o o t p a t h ( # 1 7 8 7 8 2 ) b r > - i n i t i a l i z e V I A P a d l o c k e n g i n e ( # 1 8 6 8 5 7 ) b r > b r > [ 0 . 9 . 8 a - 5 . 2 ] b r > - b u m p a g a i n f o r d o u b l e - l o n g b u g o n p p c ( 6 4 ) b r > b r > [ 0 . 9 . 8 a - 5 . 1 ] b r > - r e b u i l t f o r n e w g c c 4 . 1 s n a p s h o t a n d g l i b c c h a n g e s b r > b r > [ 0 . 9 . 8 a - 5 ] b r > - d o n ' t i n c l u d e S S L _ O P _ N E T S C A P E _ R E U S E _ C I P H E R _ C H A N G E _ B U G b r > i n S S L _ O P _ A L L ( # 1 7 5 7 7 9 ) b r > b r > * F r i D e c 0 9 2 0 0 5 J e s s e K e a t i n g j k e a t i n g @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 8 a - 4 ] b r > - f i x b u i l d ( - l c r y p t o w a s e r r o n e u s l y d r o p p e d ) o f t h e u p d a t e d l i b i c a b r > - u p d a t e d I C A e n g i n e t o 1 . 3 . 6 - r c 3 b r > b r > [ 0 . 9 . 8 a - 3 ] b r > - d i s a b l e b u i l t i n c o m p r e s s i o n m e t h o d s f o r n o w u n t i l t h e y w o r k b r > p r o p e r l y ( # 1 7 3 3 9 9 ) b r > b r > [ 0 . 9 . 8 a - 2 ] b r > - d o n ' t s e t - r p a t h f o r o p e n s s l b i n a r y b r > b r > [ 0 . 9 . 8 a - 1 ] b r > - n e w u p s t r e a m v e r s i o n b r > - p a t c h e s p a r t i a l l y r e n u m b e r e d b r > b r > [ 0 . 9 . 7 f - 1 1 ] b r > - u p d a t e d I B M I C A e n g i n e l i b r a r y a n d p a t c h t o l a t e s t u p s t r e a m v e r s i o n b r > b r > [ 0 . 9 . 7 f - 1 0 ] b r > - f i x C A N - 2 0 0 5 - 2 9 6 9 - r e m o v e S S L _ O P _ M S I E _ S S L V 2 _ R S A _ P A D D I N G w h i c h b r > d i s a b l e s t h e c o u n t e r m e a s u r e a g a i n s t m a n i n t h e m i d d l e a t t a c k i n S S L v 2 b r > ( # 1 6 9 8 6 3 ) b r > - u s e s h a 1 a s d e f a u l t f o r C A a n d c e r t r e q u e s t s - C A N - 2 0 0 5 - 2 9 4 6 ( # 1 6 9 8 0 3 ) b r > b r > [ 0 . 9 . 7 f - 9 ] b r > - a d d * . s o . s o v e r s i o n a s s y m l i n k s i n / l i b ( # 1 6 5 2 6 4 ) b r > - r e m o v e u n p a c k a g e d s y m l i n k s ( # 1 5 9 5 9 5 ) b r > - f i x e s f r o m u p s t r e a m ( c o n s t a n t t i m e f i x e s f o r D S A , b r > b n a s s e m b l e r d i v o n p p c a r c h , i n i t i a l i z e m e m o r y o n r e a l l o c ) b r > b r > [ 0 . 9 . 7 f - 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 f - 7 ] b r > - f i x C A N - 2 0 0 5 - 0 1 0 9 - u s e c o n s t a n t t i m e / m e m o r y a c c e s s m o d _ e x p b r > s o b i t s o f p r i v a t e k e y a r e n ' t l e a k e d b y c a c h e e v i c t i o n ( # 1 5 7 6 3 1 ) b r > - a f e w m o r e f i x e s f r o m u p s t r e a m 0 . 9 . 7 g b r > b r > [ 0 . 9 . 7 f - 6 ] b r > - u s e p o l l i n s t e a d o f s e l e c t i n r a n d ( # 1 2 8 2 8 5 ) b r > - f i x M a k e f i l e . c e r t i f i c a t e t o p o i n t t o / e t c / p k i / t l s b r > - c h a n g e t h e d e f a u l t s t r i n g m a s k i n A S N 1 t o P r i n t a b l e S t r i n g + U T F 8 S t r i n g b r > b r > [ 0 . 9 . 7 f - 5 ] b r > - u p d a t e t o r e v i s i o n 1 . 3 7 o f M o z i l l a C A b u n d l e b r > b r > [ 0 . 9 . 7 f - 4 ] b r > - m o v e c e r t i f i c a t e s t o _ s y s c o n f d i r / p k i / t l s ( # 1 4 3 3 9 2 ) b r > - m o v e C A d i r e c t o r i e s t o _ s y s c o n f d i r / p k i / C A b r > - p a t c h t h e C A s c r i p t a n d t h e d e f a u l t c o n f i g s o i t p o i n t s t o t h e b r > C A d i r e c t o r i e s b r > b r > [ 0 . 9 . 7 f - 3 ] b r > - u n i n i t i a l i z e d v a r i a b l e m u s t n ' t b e u s e d a s i n p u t i n i n l i n e b r > a s s e m b l y b r > - r e e n a b l e t h e x 8 6 _ 6 4 a s s e m b l y a g a i n b r > b r > [ 0 . 9 . 7 f - 2 ] b r > - a d d b a c k R C 4 _ C H A R o n i a 6 4 a n d x 8 6 _ 6 4 s o t h e A B I i s n ' t b r o k e n b r > - d i s a b l e b r o k e n b i g n u m a s s e m b l y o n x 8 6 _ 6 4 b r > b r > [ 0 . 9 . 7 f - 1 ] b r > - r e e n a b l e o p t i m i z a t i o n s o n p p c 6 4 a n d a s s e m b l y c o d e o n i a 6 4 b r > - u p g r a d e t o n e w u p s t r e a m v e r s i o n ( n o s o n a m e b u m p n e e d e d ) b r > - d i s a b l e t h r e a d t e s t - i t w a s t e s t i n g t h e b a c k p o r t o f t h e b r > R S A b l i n d i n g - n o l o n g e r n e e d e d b r > - a d d e d s u p p o r t f o r c h a n g i n g s e r i a l n u m b e r t o b r > M a k e f i l e . c e r t i f i c a t e ( # 1 5 1 1 8 8 ) b r > - m a k e c a - b u n d l e . c r t a c o n f i g f i l e ( # 1 1 8 9 0 3 ) b r > b r > [ 0 . 9 . 7 e - 3 ] b r > - l i b c r y p t o s h o u l d n ' t d e p e n d o n l i b k r b 5 ( # 1 3 5 9 6 1 ) b r > b r > [ 0 . 9 . 7 e - 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 e - 1 ] b r > - n e w u p s t r e a m s o u r c e , u p d a t e d p a t c h e s b r > - a d d e d p a t c h s o w e a r e h o p e f u l l y A B I c o m p a t i b l e w i t h u p c o m i n g b r > 0 . 9 . 7 f b r > b r > * T h u F e b 1 0 2 0 0 5 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - S u p p o r t U T F - 8 c h a r s e t i n t h e M a k e f i l e . c e r t i f i c a t e ( # 1 3 4 9 4 4 ) b r > - A d d e d c m p t o B u i l d P r e r e q b r > b r > [ 0 . 9 . 7 a - 4 6 ] b r > - g e n e r a t e n e w c a - b u n d l e . c r t f r o m M o z i l l a c e r t d a t a . t x t ( r e v i s i o n 1 . 3 2 ) b r > b r > [ 0 . 9 . 7 a - 4 5 ] b r > - F i x e d a n d u p d a t e d l i b i c a - 1 . 3 . 4 - u r a n d o m . p a t c h p a t c h ( # 1 2 2 9 6 7 ) b r > b r > [ 0 . 9 . 7 a - 4 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 3 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 1 ] b r > - r e m o v e d e r _ c h o p , a s u p s t r e a m c v s h a s d o n e ( C A N - 2 0 0 4 - 0 9 7 5 , # 1 4 0 0 4 0 ) b r > b r > [ 0 . 9 . 7 a - 4 0 ] b r > - I n c l u d e l a t e s t l i b i c a v e r s i o n w i t h i m p o r t a n t b u g f i x e s b r > b r > * T u e J u n 1 5 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 a - 3 7 ] b r > - b u i l d f o r l i n u x - a l p h a - g c c i n s t e a d o f a l p h a - g c c o n a l p h a ( J e f f G a r z i k ) b r > b r > [ 0 . 9 . 7 a - 3 6 ] b r > - h a n d l e % { _ a r c h } = i 4 8 6 / i 5 8 6 / i 6 8 6 / a t h l o n c a s e s i n t h e i n t e r m e d i a t e b r > h e a d e r ( # 1 2 4 3 0 3 ) b r > b r > [ 0 . 9 . 7 a - 3 5 ] b r > - a d d s e c u r i t y f i x e s f o r C A N - 2 0 0 4 - 0 0 7 9 , C A N - 2 0 0 4 - 0 1 1 2 b r > b r > * T u e M a r 1 6 2 0 0 4 P h i l K n i r s c h p k n i r s c h @ r e d h a t . c o m > b r > - F i x e d l i b i c a f i l e s p e c . b r > b r > [ 0 . 9 . 7 a - 3 4 ] b r > - p p c / p p c 6 4 d e f i n e _ _ p o w e r p c _ _ / _ _ p o w e r p c 6 4 _ _ , n o t _ _ p p c _ _ / _ _ p p c 6 4 _ _ , f i x b r > t h e i n t e r m e d i a t e h e a d e r b r > b r > [ 0 . 9 . 7 a - 3 3 ] b r > - a d d a n i n t e r m e d i a t e o p e n s s l / o p e n s s l c o n f . h > w h i c h p o i n t s t o t h e r i g h t b r > a r c h - s p e c i f i c o p e n s s l c o n f . h o n m u l t i l i b a r c h e s b r > b r > * T u e M a r 0 2 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 5 . b r > b r > [ 0 . 9 . 7 a - 3 1 ] b r > - U p d a t e I C A c r y p t o e n g i n e p a t c h f r o m I B M t o l a t e s t v e r s i o n . b r > b r > * F r i F e b 1 3 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 9 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 8 ] b r > - F i x e d l i b i c a b u i l d . b r > b r > * W e d F e b 0 4 2 0 0 4 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d ' - l d l ' t o l i n k f l a g s a d d e d f o r L i n u x - o n - A R M ( # 9 9 3 1 3 ) b r > b r > [ 0 . 9 . 7 a - 2 7 ] b r > - u p d a t e d c a - b u n d l e . c r t : r e m o v e d e x p i r e d G e o T r u s t r o o t s , a d d e d b r > f r e e s s l . c o m r o o t , r e m o v e d t r u s t c e n t e r . d e C l a s s 0 r o o t b r > b r > [ 0 . 9 . 7 a - 2 6 ] b r > - F i x l i n k l i n e f o r l i b s s l ( b u g # 1 1 1 1 5 4 ) . b r > b r > [ 0 . 9 . 7 a - 2 5 ] b r > - a d d d e p e n d e n c y o n z l i b - d e v e l f o r t h e - d e v e l p a c k a g e , w h i c h d e p e n d s o n z l i b b r > s y m b o l s b e c a u s e w e e n a b l e z l i b f o r l i b s s l ( # 1 0 2 9 6 2 ) b r > b r > [ 0 . 9 . 7 a - 2 4 ] b r > - U s e / d e v / u r a n d o m i n s t e a d o f P R N G f o r l i b i c a . b r > - A p p l y l i b i c a - 1 . 3 . 5 f i x f o r / d e v / u r a n d o m i n i c a l i n u x . c b r > - U s e l a t e s t I C A e n g i n e p a t c h f r o m I B M . b r > b r > [ 0 . 9 . 7 a - 2 2 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - r e b u i l d ( 2 2 w a s n ' t a c t u a l l y b u i l t , f u n e h ? ) b r > b r > [ 0 . 9 . 7 a - 2 3 ] b r > - r e - d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T u e S e p 3 0 2 0 0 3 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - a d d a _ m b s t r . c f i x f o r 6 4 - b i t p l a t f o r m s f r o m C V S b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - a d d - W a , - - n o e x e c s t a c k t o R P M _ O P T _ F L A G S s o t h a t a s s e m b l e d m o d u l e s g e t t a g g e d b r > a s n o t n e e d i n g e x e c u t a b l e s t a c k s b r > b r > [ 0 . 9 . 7 a - 2 1 ] b r > - r e b u i l d b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - e n a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e e x c l u s i v e a r c h b r > b r > [ 0 . 9 . 7 a - 2 0 ] b r > - o n l y p a r s e a c l i e n t c e r t i f o n e w a s r e q u e s t e d b r > - t e m p o r a r i l y e x c l u s i v e a r c h f o r % { i x 8 6 } b r > b r > * T u e S e p 2 3 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d s e c u r i t y f i x e s f o r p r o t o c o l p a r s i n g b u g s ( C A N - 2 0 0 3 - 0 5 4 3 , C A N - 2 0 0 3 - 0 5 4 4 ) b r > a n d h e a p c o r r u p t i o n ( C A N - 2 0 0 3 - 0 5 4 5 ) b r > - u p d a t e R H N S - C A - C E R T f i l e s b r > - e a s e b a c k o n t h e n u m b e r o f t h r e a d s u s e d i n t h e t h r e a d i n g t e s t b r > b r > [ 0 . 9 . 7 a - 1 9 ] b r > - r e b u i l d t o f i x g z i p p e d f i l e m d 5 s u m s ( # 9 1 2 1 1 ) b r > b r > [ 0 . 9 . 7 a - 1 8 ] b r > - U p d a t e d l i b i c a t o v e r s i o n 1 . 3 . 4 . b r > b r > [ 0 . 9 . 7 a - 1 7 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 . 9 ] b r > - f r e e t h e k s s l _ c t x s t r u c t u r e w h e n w e f r e e a n S S L s t r u c t u r e ( # 9 9 0 6 6 ) b r > b r > [ 0 . 9 . 7 a - 1 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 5 ] b r > - l o w e r t h r e a d t e s t c o u n t o n s 3 9 0 x b r > b r > [ 0 . 9 . 7 a - 1 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 3 ] b r > - d i s a b l e a s s e m b l y o n a r c h e s w h e r e i t s e e m s t o c o n f l i c t w i t h t h r e a d i n g b r > b r > [ 0 . 9 . 7 a - 1 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 0 b r > b r > [ 0 . 9 . 7 a - 9 . 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 ] b r > - u b s e c : d o n ' t s t o m p o n o u t p u t d a t a w h i c h m i g h t a l s o b e i n p u t d a t a b r > b r > [ 0 . 9 . 7 a - 9 ] b r > - t e m p o r a r i l y d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * M o n J u n 0 9 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b a c k p o r t f i x f o r e n g i n e - u s e d - f o r - e v e r y t h i n g f r o m 0 . 9 . 7 b b r > - b a c k p o r t f i x f o r p r n g n o t b e i n g s e e d e d c a u s i n g p r o b l e m s , a l s o f r o m 0 . 9 . 7 b b r > - a d d a c h e c k a t b u i l d - t i m e t o e n s u r e t h a t R S A i s t h r e a d - s a f e b r > - k e e p p e r l p a t h f r o m s t o m p i n g o n t h e l i b i c a c o n f i g u r e s c r i p t s b r > b r > * F r i J u n 0 6 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t h r e a d - s a f e t y f i x f o r R S A b l i n d i n g b r > b r > [ 0 . 9 . 7 a - 8 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 7 ] b r > - A d d e d l i b i c a - 1 . 2 t o o p e n s s l ( f e a t u r e r e q u e s t ) . b r > b r > [ 0 . 9 . 7 a - 6 ] b r > - f i x b u i l d i n g w i t h i n c o r r e c t f l a g s o n p p c 6 4 b r > b r > [ 0 . 9 . 7 a - 5 ] b r > - a d d p a t c h t o h a r d e n a g a i n s t K l i m a - P o k o r n y - R o s a e x t e n s i o n o f B l e i c h e n b a c h e r ' s b r > a t t a c k ( C A N - 2 0 0 3 - 0 1 3 1 ) b r > b r > [ 0 . 9 . 7 a - 4 ] b r > - a d d p a t c h t o e n a b l e R S A b l i n d i n g b y d e f a u l t , c l o s i n g a t i m i n g a t t a c k b r > ( C A N - 2 0 0 3 - 0 1 4 7 ) b r > b r > [ 0 . 9 . 7 a - 3 ] b r > - d i s a b l e u s e o f B N a s s e m b l y m o d u l e o n x 8 6 _ 6 4 , b u t c o n t i n u e t o a l l o w i n l i n e b r > a s s e m b l y ( # 8 3 4 0 3 ) b r > b r > [ 0 . 9 . 7 a - 2 ] b r > - d i s a b l e E C a l g o r i t h m s b r > b r > [ 0 . 9 . 7 a - 1 ] b r > - u p d a t e t o 0 . 9 . 7 a b r > b r > [ 0 . 9 . 7 - 8 ] b r > - a d d f i x t o g u a r d a g a i n s t a t t e m p t s t o a l l o c a t e n e g a t i v e a m o u n t s o f m e m o r y b r > - a d d p a t c h f o r C A N - 2 0 0 3 - 0 0 7 8 , f i x i n g a t i m i n g a t t a c k b r > b r > [ 0 . 9 . 7 - 7 ] b r > - A d d o p e n s s l - p p c 6 4 . p a t c h b r > b r > [ 0 . 9 . 7 - 6 ] b r > - E V P _ D e c r y p t I n i t s h o u l d c a l l E V P _ C i p h e r I n i t ( ) i n s t e a d o f E V P _ C i p h e r I n i t _ e x ( ) , b r > t o g e t t h e r i g h t b e h a v i o r w h e n p a s s e d u n i n i t i a l i z e d c o n t e x t s t r u c t u r e s b r > ( # 8 3 7 6 6 ) b r > - b u i l d w i t h - m c p u = e v 5 o n a l p h a f a m i l y ( # 8 3 8 2 8 ) b r > b r > * W e d J a n 2 2 2 0 0 3 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 - 4 ] b r > - A d d e d I B M h w c r y p t o s u p p o r t p a t c h . b r > b r > * W e d J a n 1 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d m i s s i n g b u i l d d e p o n s e d b r > b r > [ 0 . 9 . 7 - 3 ] b r > - d e b l o a t b r > - f i x b r o k e n m a n p a g e s y m l i n k s b r > b r > [ 0 . 9 . 7 - 2 ] b r > - f i x d o u b l e - f r e e i n ' o p e n s s l c a ' b r > b r > [ 0 . 9 . 7 - 1 ] b r > - u p d a t e t o 0 . 9 . 7 f i n a l b r > b r > [ 0 . 9 . 7 - 0 ] b r > - u p d a t e t o 0 . 9 . 7 b e t a 6 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > * W e d D e c 1 1 2 0 0 2 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 7 b e t a 5 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > [ 0 . 9 . 6 b - 3 0 ] b r > - a d d c o n f i g u r a t i o n s t a n z a f o r x 8 6 _ 6 4 a n d u s e i t o n x 8 6 _ 6 4 b r > - b u i l d f o r l i n u x - p p c o n p p c b r > - s t a r t r u n n i n g t h e s e l f - t e s t s a g a i n b r > b r > [ 0 . 9 . 6 b - 2 9 h a m m e r . 3 ] b r > - M e r g e f i x e s f r o m p r e v i o u s h a m m e r p a c k a g e s , i n c l u d i n g g e n e r a l x 8 6 - 6 4 a n d b r > m u l t i l i b b r > b r > [ 0 . 9 . 6 b - 2 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 8 ] b r > - u p d a t e a s n p a t c h t o f i x a c c i d e n t a l r e v e r s a l o f a l o g i c c h e c k b r > b r > [ 0 . 9 . 6 b - 2 7 ] b r > - u p d a t e a s n p a t c h t o r e d u c e c h a n c e t h a t c o m p i l e r o p t i m i z a t i o n w i l l r e m o v e b r > o n e o f t h e a d d e d t e s t s b r > b r > [ 0 . 9 . 6 b - 2 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 5 ] b r > - a d d p a t c h t o f i x A S N . 1 v u l n e r a b i l i t i e s b r > b r > [ 0 . 9 . 6 b - 2 4 ] b r > - a d d b a c k p o r t o f B e n L a u r i e ' s p a t c h e s f o r O p e n S S L 0 . 9 . 6 d b r > b r > [ 0 . 9 . 6 b - 2 3 ] b r > - o w n { _ d a t a d i r } / s s l / m i s c b r > b r > * F r i J u n 2 1 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > * S u n M a y 2 6 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 0 ] b r > - f r e e r i d e t h r o u g h t h e b u i l d s y s t e m ( w h e e ! ) b r > b r > [ 0 . 9 . 6 b - 1 9 ] b r > - r e b u i l d i n n e w e n v i r o n m e n t b r > b r > [ 0 . 9 . 6 b - 1 7 , 0 . 9 . 6 b - 1 8 ] b r > - m e r g e R H L - s p e c i f i c b i t s i n t o s t r o n g h o l d p a c k a g e , r e n a m e b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 2 ] b r > - a d d s u p p o r t f o r C h r y s a l i s L u n a t o k e n b r > b r > * T u e M a r 2 6 2 0 0 2 G a r y B e n s o n g b e n s o n @ r e d h a t . c o m > b r > - d i s a b l e A E P r a n d o m n u m b e r g e n e r a t i o n , o t h e r A E P f i x e s b r > b r > [ 0 . 9 . 6 b - 1 5 ] b r > - o n l y b u i l d s u b p a c k a g e s o n p r i m a r y a r c h e s b r > b r > [ 0 . 9 . 6 b - 1 3 ] b r > - o n i a 3 2 , o n l y d i s a b l e u s e o f a s s e m b l e r o n i 3 8 6 b r > - e n a b l e a s s e m b l y o n i a 6 4 b r > b r > [ 0 . 9 . 6 b - 1 1 ] b r > - f i x s p a r c v 9 e n t r y b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 1 ] b r > - u p g r a d e t o 0 . 9 . 6 c b r > - b u m p B u i l d A r c h t o i 6 8 6 a n d e n a b l e a s s e m b l e r o n a l l p l a t f o r m s b r > - s y n c h r o n i s e w i t h s h r i m p y a n d r a w h i d e b r > - b u m p s o v e r s i o n t o 3 b r > b r > * W e d O c t 1 0 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - d e l e t e B N _ L L O N G f o r s 3 9 0 x , p a t c h f r o m O l i v e r P a u k s t a d t b r > b r > [ 0 . 9 . 6 b - 9 ] b r > - u p d a t e A E P d r i v e r p a t c h b r > b r > * M o n S e p 1 0 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t R N G d i s a b l i n g p a t c h t o m a t c h v e r s i o n o f p a t c h f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 8 ] b r > - d i s a b l e t h e R N G i n t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 7 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 6 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 5 ] b r > - u p d a t e u b s e c e n g i n e d r i v e r f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 4 ] b r > - m o v e m a n p a g e s b a c k t o % { _ m a n d i r } / m a n ? / f o o . ? s s l f r o m b r > % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > - a d d a n [ e n g i n e ] s e c t i o n t o t h e d e f a u l t c o n f i g u r a t i o n f i l e b r > b r > * T h u A u g 0 9 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a p a t c h f o r s e l e c t i n g a d e f a u l t e n g i n e i n S S L _ l i b r a r y _ i n i t ( ) b r > b r > [ 0 . 9 . 6 b - 3 ] b r > - a d d p a t c h e s f o r A E P h a r d w a r e s u p p o r t b r > - a d d p a t c h t o k e e p t r y i n g w h e n w e f a i l t o l o a d a c e r t f r o m a f i l e a n d b r > t h e r e a r e m o r e i n t h e f i l e b r > - a d d m i s s i n g p r o t o t y p e f o r E N G I N E _ u b s e c ( ) i n e n g i n e _ i n t . h b r > b r > [ 0 . 9 . 6 b - 2 ] b r > - a c t u a l l y a d d h w _ u b s e c t o t h e e n g i n e l i s t b r > b r > * T u e J u l 1 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d i n t h e h w _ u b s e c d r i v e r f r o m C V S b r > b r > [ 0 . 9 . 6 b - 1 ] b r > - u p d a t e t o 0 . 9 . 6 b b r > b r > * T h u J u l 0 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e . s o s y m l i n k s b a c k t o % { _ l i b d i r } b r > b r > * T u e J u l 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e s h a r e d l i b r a r i e s t o / l i b ( # 3 8 4 1 0 ) b r > b r > * M o n J u n 2 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s w i t c h t o e n g i n e c o d e b a s e b r > b r > * M o n J u n 1 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s c r i p t f o r c r e a t i n g d u m m y c e r t i f i c a t e s b r > - m o v e m a n p a g e s f r o m % { _ m a n d i r } / m a n ? / f o o . ? s s l t o % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > b r > * T h u J u n 0 7 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d s 3 9 0 x s u p p o r t b r > b r > * F r i J u n 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c h a n g e t w o m e m c p y ( ) c a l l s t o m e m m o v e ( ) b r > - d o n ' t d e f i n e L _ E N D I A N o n a l p h a b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 a - 1 ] b r > - A d d ' s t r o n g h o l d - ' p r e f i x t o p a c k a g e n a m e s . b r > - O b s o l e t e s t a n d a r d o p e n s s l p a c k a g e s . b r > b r > * W e d M a y 1 6 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - A d d B u i l d A r c h : i 5 8 6 a s p e r N a l i n ' s a d v i c e . b r > b r > * T u e M a y 1 5 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - E n a b l e a s s e m b l e r o n i x 8 6 ( u s i n g n e w . t a r . b z 2 w h i c h d o e s b r > i n c l u d e t h e a s m d i r e c t o r i e s ) . b r > b r > * T u e M a y 1 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u b p a c k a g e s d e p e n d o n t h e m a i n p a c k a g e b r > b r > * T u e M a y 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t t h e h o b b l e s c r i p t t o n o t d i s t u r b s y m l i n k s i n i n c l u d e / ( f i x f r o m b r > J o e O r t o n ) b r > b r > * F r i A p r 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d r o p t h e m 2 c r y p o p a t c h w e w e r e n ' t u s i n g b r > b r > * T u e A p r 2 4 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c o n f i g u r e u s i n g ' s h a r e d ' a s w e l l b r > b r > * S u n A p r 0 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 a b r > - u s e t h e b u i l d - s h a r e d t a r g e t t o b u i l d s h a r e d l i b r a r i e s b r > - b u m p t h e s o v e r s i o n t o 2 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h b r > o u r 0 . 9 . 5 a p a c k a g e s o r o u r 0 . 9 . 6 p a c k a g e s b r > - d r o p t h e p a t c h f o r m a k i n g r s a t e s t a n o - o p w h e n r s a n u l l s u p p o r t i s u s e d b r > - p u t a l l m a n p a g e s i n t o s e c t i o n > s s l i n s t e a d o f s e c t i o n > b r > - b r e a k t h e m 2 c r y p t o m o d u l e s i n t o a s e p a r a t e p a c k a g e b r > b r > * T u e M a r 1 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e B N _ L L O N G o n s 3 9 0 b r > b r > * M o n M a r 1 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e s 3 9 0 c h a n g e s f o r 0 . 9 . 6 ( i s n ' t s u p p o s e d t o b e m a r k e d a s 6 4 - b i t ) b r > b r > * S a t M a r 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e c _ r e h a s h t o t h e p e r l s u b p a c k a g e , b e c a u s e i t ' s a p e r l s c r i p t n o w b r > b r > * F r i M a r 0 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 b r > - e n a b l e M D 2 b r > - u s e t h e l i b c r y p t o . s o a n d l i b s s l . s o t a r g e t s t o b u i l d s h a r e d l i b s w i t h b r > - b u m p t h e s o v e r s i o n t o 1 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h a n y o f b r > t h e v a r i o u s 0 . 9 . 5 a p a c k a g e s c i r c u l a t i n g a r o u n d , w h i c h p r o v i d e l i b * . s o . 0 b r > b r > * W e d F e b 2 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - c h a n g e h o b b l e - o p e n s s l f o r d i s a b l i n g M D 2 a g a i n b r > b r > * T u e F e b 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - d i s a b l e M D 2 - - t h e E V P _ M D _ C T X s t r u c t u r e w o u l d g r o w f r o m 1 0 0 t o 1 5 2 b r > b y t e s o r s o , c a u s i n g E V P _ D i g e s t I n i t ( ) t o z e r o o u t s t a c k v a r i a b l e s i n b r > a p p s b u i l t a g a i n s t a v e r s i o n o f t h e l i b r a r y w i t h o u t i t b r > b r > * M o n F e b 2 6 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e s o m e i n l i n e a s s e m b l y , w h i c h o n x 8 6 i s P e n t i u m - s p e c i f i c b r > - r e - e n a b l e M D 2 ( s e e h t t p : / / w w w . i e t f . o r g / i e t f / I P R / R S A - M D - a l l ) b r > b r > * T h u F e b 0 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - f i x s 3 9 0 p a t c h b r > b r > * F r i D e c 0 8 2 0 0 0 T h a n N g o t h a n @ r e d h a t . c o m > b r > - a d d e d s u p p o r t s 3 9 0 b r > b r > * M o n N o v 2 0 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e - W a , * a n d - m * c o m p i l e r f l a g s f r o m t h e d e f a u l t C o n f i g u r e f i l e ( # 2 0 6 5 6 ) b r > - a d d t h e C A . p l m a n p a g e t o t h e p e r l s u b p a c k a g e b r > b r > * T h u N o v 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a l w a y s b u i l d w i t h - m c p u = e v 5 o n a l p h a b r > b r > * T u e O c t 3 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s y m l i n k f r o m c e r t . p e m t o c a - b u n d l e . c r t b r > b r > * W e d O c t 2 5 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a c a - b u n d l e f i l e f o r p a c k a g e s l i k e S a m b a t o r e f e r e n c e f o r C A c e r t i f i c a t e s b r > b r > * T u e O c t 2 4 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e l i b c r y p t o ' s c r y p t ( ) , w h i c h d o e s n ' t h a n d l e m d 5 c r y p t ( # 1 9 2 9 5 ) b r > b r > * M o n O c t 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d u n z i p a s a b u i l d p r e r e q ( # 1 7 6 6 2 ) b r > - u p d a t e m 2 c r y p t o t o 0 . 0 5 - s n a p 4 b r > b r > * T u e S e p 2 6 2 0 0 0 B i l l N o t t i n g h a m n o t t i n g @ r e d h a t . c o m > b r > - f i x s o m e i s s u e s i n b u i l d i n g w h e n i t ' s n o t i n s t a l l e d b r > b r > * W e d S e p 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u r e t h e h e a d e r s w e i n c l u d e a r e t h e o n e s w e b u i l t w i t h ( a a a a a r r g h ! ) b r > b r > * F r i S e p 0 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d R i c h a r d H e n d e r s o n ' s p a t c h f o r B N o n i a 6 4 b r > - c l e a n u p t h e c h a n g e l o g b r > b r > * T u e A u g 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e b u i l d i n g o f p y t h o n m o d u l e s w i t h o u t o p e n s s l - d e v e l a l r e a d y i n s t a l l e d b r > b r > * W e d A u g 2 3 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b y t e - c o m p i l e p y t h o n e x t e n s i o n s w i t h o u t t h e b u i l d - r o o t b r > - a d j u s t t h e m a k e f i l e t o n o t r e m o v e t e m p o r a r y f i l e s ( l i k e . k e y f i l e s w h e n b r > b u i l d i n g . c s r f i l e s ) b y m a r k i n g t h e m a s . P R E C I O U S b r > b r > * S a t A u g 1 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b r e a k o u t p y t h o n e x t e n s i o n s i n t o a s u b p a c k a g e b r > b r > * M o n J u l 1 7 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e m a k e f i l e s o m e m o r e b r > b r > * T u e J u l 1 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D 2 s u p p o r t b r > b r > * T h u J u l 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D C 2 s u p p o r t b r > b r > * S u n J u l 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e d i s a b l i n g o f R C 5 , I D E A s u p p o r t b r > - t w e a k t h e m a k e f i l e b r > b r > * T h u J u n 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s t r i p b i n a r i e s a n d l i b r a r i e s b r > - r e w o r k c e r t i f i c a t e m a k e f i l e t o h a v e t h e r i g h t p a r t s f o r A p a c h e b r > b r > * W e d J u n 2 8 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e % { _ p e r l } i n s t e a d o f / u s r / b i n / p e r l b r > - d i s a b l e a l p h a u n t i l i t p a s s e s i t s o w n t e s t s u i t e b r > b r > * F r i J u n 0 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e t h e p a s s w d . 1 m a n p a g e o u t o f t h e p a s s w d p a c k a g e ' s w a y b r > b r > * F r i J u n 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 5 a , m o d i f i e d f o r U . S . b r > - a d d p e r l a s a b u i l d - t i m e r e q u i r e m e n t b r > - m o v e c e r t i f i c a t e m a k e f i l e t o a n o t h e r p a c k a g e b r > - d i s a b l e R C 5 , I D E A , R S A s u p p o r t b r > - r e m o v e o p t i m i z a t i o n s f o r n o w b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - B e r o t o l d m e t o m o v e t h e M a k e f i l e i n t o t h i s p a c k a g e b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d l i b * . s o s y m l i n k s t o l i n k d y n a m i c a l l y a g a i n s t s h a r e d l i b s b r > b r > * T u e F e b 2 9 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - u p d a t e t o 0 . 9 . 5 b r > - r u n l d c o n f i g d i r e c t l y i n p o s t / p o s t u n b r > - a d d F A Q b r > b r > * S a t D e c 1 8 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - F i x b u i l d o n n o n - x 8 6 p l a t f o r m s b r > b r > * F r i N o v 1 2 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - m o v e / u s r / s h a r e / s s l / * f r o m - d e v e l t o m a i n p a c k a g e b r > b r > * T u e O c t 2 6 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - i n i t a l p a c k a g i n g b r > - c h a n g e s f r o m b a s e : b r > - M o v e / u s r / l o c a l / s s l t o / u s r / s h a r e / s s l f o r F H S c o m p l i a n c e b r > - h a n d l e R P M _ O P T _ F L A G S b r > o p e n s s l - 1 . 0 . 1 - b e t a 2 - r p m b u i l d . p a t c h b r > o p e n s s l - 0 . 9 . 8 a - n o - r p a t h . p a t c h / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 0 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 6 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 7 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 7 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 8 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 8 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 2 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 2 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 3 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 3 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . s r c . r p m / t d > t d > a 1 5 1 5 7 a e 5 1 c 4 9 6 a 0 f b b c e b f 3 e d 8 1 c 7 5 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 3 f e 4 0 1 6 a 2 0 6 1 6 3 0 9 f 3 6 1 8 9 5 e f f 1 a 6 b a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - d e v e l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 8 4 2 5 9 3 d f 2 9 4 e 9 b 4 a f 9 e c 8 9 e e a 2 c 3 e 7 c a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - p e r l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 d f b a e 8 9 0 b e 2 5 f f 1 4 c 3 e 7 a 2 6 f 5 0 5 8 a 3 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - s t a t i c - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > a e c b 3 b 5 9 b c c b a 0 e 8 f b a 2 b 6 2 e 4 3 c c 6 a b e / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "modified": "2015-04-02T00:00:00", "published": "2015-04-02T00:00:00", "id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "title": "openssl-fips security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-12-25T20:17:49", "bulletinFamily": "info", "description": "### Overview \n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).\n\n### Description \n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable. \n \n--- \n \n### Impact \n\nA remote attacker may be able to cause a denial of service or possibly run arbitrary code. \n \n--- \n \n### Solution \n\n**Apply an Update**\n\nApply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from [Xerox tech support](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>). \n \n--- \n \n**Restrict access** \n \nAs a general good security practice, only allow connections from trusted hosts and networks. \n \n--- \n \n### Vendor Information\n\n737740\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ EFI \n\nNotified: December 18, 2012 Updated: March 18, 2013 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C \nTemporal | 5.1 | E:U/RL:OF/RC:C \nEnvironmental | 1 | CDP:L/TD:L/CR:L/IR:L/AR:L \n \n \n\n\n### References \n\n * [http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>)\n * <https://www.openssl.org/news/vulnerabilities.html>\n * <http://w3.efi.com/Fiery>\n\n### Credit\n\nThanks to Curtis Rhodes for reporting this vulnerability. \n\nThis document was written by Jared Allar. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2013-0169, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169>) [CVE-2013-0166, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166>) [CVE-2012-2333, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333>) [CVE-2012-0884, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0884>) [CVE-2011-4619, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619>) [CVE-2011-4577, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577>) [CVE-2011-4576, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576>) [CVE-2011-4109, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109>) [CVE-2011-4108, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108>) [CVE-2010-4180, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180>) [CVE-2010-3864](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864>) \n---|--- \n**Date Public:** | 2013-03-18 \n**Date First Published:** | 2013-03-18 \n**Date Last Updated: ** | 2013-05-02 17:40 UTC \n**Document Revision: ** | 29 \n", "modified": "2013-05-02T17:40:00", "published": "2013-03-18T00:00:00", "id": "VU:737740", "href": "https://www.kb.cert.org/vuls/id/737740", "type": "cert", "title": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:09", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.0e\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.", "modified": "2015-06-06T00:00:00", "published": "2011-10-09T00:00:00", "id": "GLSA-201110-01", "href": "https://security.gentoo.org/glsa/201110-01", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}