39 matches found
RHEL 6 : openssl (RHSA-2019:2471)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2471 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
openssl security and bug fix update
1.0.2k-19.0.1 - Bump release for rebuild. 1.0.2k-19 - close the RSA decryption 9 lives of Bleichenbacher cat timing side channel 1649568 1.0.2k-18 - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle - close the RSA decryption One & done...
RHEL 7 : openssl (RHSA-2019:2304)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2304 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Security update for compat-openssl098 (moderate)
openSUSE Security Update: Security update for compat-openssl098 Announcement ID: openSUSE-SU-2019:1637-1 Rating: moderate References: 1117951 1127080 1131291 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has two fixes is now...
SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1362-1)
This update for openssl fixes the following issues : Security issue fixed : CVE-2019-1559: Fixed a 0-byte record padding oracle via SSLshutdown bsc1127080. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2019:1362-1 Security update for openssl
This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1559: Fixed a 0-byte record padding oracle via SSLshutdown bsc1127080...
Security update for openssl-1_0_0 (moderate)
openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2019:1432-1 Rating: moderate References: 1117951 1127080 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)
Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...
Security update for openssl (moderate)
openSUSE Security Update: Security update for openssl Announcement ID: openSUSE-SU-2019:1175-1 Rating: moderate References: 1100078 1113975 1117951 1127080 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has three fixes is now...
OPENSUSE-SU-2019:1105-1 Security update for openssl-1_0_0
This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1)
This update for openssl fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1)
This update for openssl-100 fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2019:0572-1)
This update for openssl-100 fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
CVE-2019-1559 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf)
The OpenSSL project reports : 0-byte record padding oracle CVE-2019-1559 Moderate If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte...
uriparser -- Out-of-bounds read
Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...
Null pointer dereference
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and crash by setting the tags TIFFSETGETC16ASCII or TIFFSETGETC32ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix f...
CVE-2016-9448
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and crash by setting the tags TIFFSETGETC16ASCII or TIFFSETGETC32ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix f...
CVE-2016-9448
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and crash by setting the tags TIFFSETGETC16ASCII or TIFFSETGETC32ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix f...