openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0951-1)

Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection CVE-2010-2939. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0952-1)

Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection CVE-2010-2939. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0951-1)

Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection CVE-2010-2939. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMA02662)

HP/HPE System Management Homepage SMH is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735910 Version: 1 HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service DoS NOTICE:...

FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:10.openssl.asc ADV FreeBSD-SA-10:10.openssl.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-10:10.openssl.asc Authors: Thomas Reinke Copyright: Copyright c 201...

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0b-alt1

Nov. 16, 2010 Dmitry V. Levin 1.0.0b-alt1 - Updated to 1.0.0b fixes CVE-2010-2939 and CVE-2010-3864...

Security fix for the ALT Linux 8 package openssl10 version 1.0.0b-alt1

Nov. 16, 2010 Dmitry V. Levin 1.0.0b-alt1 - Updated to 1.0.0b fixes CVE-2010-2939 and CVE-2010-3864...

Security fix for the ALT Linux 6 package openssl10 version 1.0.0b-alt1

Nov. 16, 2010 Dmitry V. Levin 1.0.0b-alt1 - Updated to 1.0.0b fixes CVE-2010-2939 and CVE-2010-3864...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7174)

Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection CVE-2010-2939. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The tex...

Security fix for the ALT Linux 9 package openssl10 version 1.0.0b-alt1

Nov. 16, 2010 Dmitry V. Levin 1.0.0b-alt1 - Updated to 1.0.0b fixes CVE-2010-2939 and CVE-2010-3864...

Ubuntu: Security Advisory (USN-1003-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : openssl vulnerabilities (USN-1003-1)

It was discovered that OpenSSL incorrectly handled return codes from the bnwexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06...

Mandriva Update for openssl MDVSA-2010:168 (openssl)

Check for the Version of openssl OpenVAS Vulnerability Test Mandriva Update for openssl MDVSA-2010:168 openssl Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVE-2010-2939

CVE-2010-2939 is a double-free vulnerability in OpenSSL’s client ssl3_get_key_exchange when using ECDH. A crafted private key with an invalid prime can cause a context-dependent crash and may allow arbitrary code execution. Affected OpenSSL versions include 1.0.0a, 0.9.8, 0.9.7 (and possibly othe...