9 matches found
Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway
Summary IBM DataPower Gateway has addressed two CVEs relating to SSL: CVE-2019-1559 & CVE-2018-0734 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then...
EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629)
According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258)
According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receiv...
Security fix for the ALT Linux 9 package openssl10 version 1.0.2r-alt1
March 20, 2019 Gleb Fotengauer-Malinovskiy 1.0.2r-alt1 - Updated to 1.0.2r fixes CVE-2019-1559. - Synced cipher-list.conf with libcrypto1.1 1.1.1b-alt1...
ALPINE-CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
CVE-2019-1559 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
OpenSSL Releases Security Update
OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the OpenSSL...