5 matches found
SUSE CVE-2018-8970
The intx509paramsethosts function in lib/libcrypto/x509/x509vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain...
openSUSE Security Update : libressl (openSUSE-2018-953)
This update for libressl to version 2.8.0 fixes the following issues : Security issues fixed : - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. - CVE-2018-8970: Fixed a bug in...
openSUSE: Security Advisory for libressl (openSUSE-SU-2018:2597-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-8970
The intx509paramsethosts function in lib/libcrypto/x509/x509vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain...
CVE-2018-8970
The intx509paramsethosts function in lib/libcrypto/x509/x509vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain...