K95463126: OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
Security Advisory Description: CVE-2016-0703: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, whic...
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.2a-1.fc21
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
PT-2015-1688 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, when client authentication and an ephemeral...
PT-2015-1684 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.0.2a Description: The issue is related to the ASN.1 signature-verification implementation in the rsa_item_verify function. It allows remote attackers to cause a denial of service, resulting in a NULL pointer...
PT-2015-1685 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the ssl3_client_hello function in OpenSSL, which does not ensure the proper initialization of the pseudorandom number generator (PRNG) before the...
PT-2015-1687 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.0.2a Description: The issue is related to the sigalgs implementation in OpenSSL, which allows remote attackers to cause a denial of service by using an invalid signature algorithms extension in the ClientHello...
PT-2015-1683 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the dtls1_listen function in OpenSSL, which does not properly isolate state information of independent data streams. This can be exploited by a remote...