201 matches found
openSUSE: Security Advisory for openssl (openSUSE-SU-2015:0130-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for openssl (important)
openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv20150108.txt Following issues were fixed: CVE-2014-3570 bsc912296: Bignum squaring BNsqr may have produced incorrect results on some platform...
OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)
The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3570 - incorrect computation in BNsqr - fix CVE-2014-3571 - possible crash in dtls1getrecord - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix...
RedHat Update for openssl RHSA-2015:0066-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 6 / 7 : openssl (ELSA-2015-0066)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0066 advisory. - fix CVE-2014-3570 - incorrect computation in BNsqr - fix CVE-2014-3571 - possible crash in dtls1getrecord - fix CVE-2014-3572 - possible downgrad...
Fedora Update for openssl FEDORA-2015-0601
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssl security update
CentOS Errata and Security Advisory CESA-2015:0066 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
openssl security update
1.0.1e-34.7 - fix CVE-2014-3570 - incorrect computation in BNsqr - fix CVE-2014-3571 - possible crash in dtls1getrecord - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support f...
OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0p. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0p advisory. - Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote...
OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)
A vulnerability has been detected in the way OpenSSL handles DTLS messages. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL which could lead to a Denial Of Service attack...
FreeBSD-SA-15:01.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2015-01-14 Affects: All...
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt1
Jan. 12, 2015 Gleb Fotengauer-Malinovskiy 1.0.1k-alt1 - Updated to 1.0.1k fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 closes: 30644...
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt1
Jan. 12, 2015 Gleb Fotengauer-Malinovskiy 1.0.1k-alt1 - Updated to 1.0.1k fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 closes: 30644...
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
Jan. 12, 2015 Gleb Fotengauer-Malinovskiy 1.0.1k-alt1 - Updated to 1.0.1k fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 closes: 30644...
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
Jan. 12, 2015 Gleb Fotengauer-Malinovskiy 1.0.1k-alt1 - Updated to 1.0.1k fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 closes: 30644...
[SECURITY] [DSA 3125-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3125-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 11, 2015 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3125-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] openssl
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-1.0.1k-i486-1slack14.1.txz: Upgraded. This update fixes several security issues: DTLS segmentation...
CVE-2014-3571
OpenSSL DTLS Denial of Service vulnerability (CVE-2014-3571) affects OpenSSL versions prior to 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k. A crafted DTLS message is processed with a different read operation for the handshake header than for the handshake body, triggering a NULL pointer...
UBUNTU-CVE-2014-3571
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake bod...