CentOS Update for nss CESA-2016:0007 centos6

Check the version of nss SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882360";...

openSUSE Security Update : mbedtls (openSUSE-2015-898)

This update for mbedtls fixes the following security and non-security issues : - Update to 1.3.15 - Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. - Fix potential heap corruption on windows...

OpenSSL: Certificate verify crash with missing PSS parameter

A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication...

Amazon Linux: Security Advisory (ALAS-2015-564)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Honeywell International Tuxedo Touch Security Bypass Vulnerability

Honeywell International Tuxedo Touch is a set of automation touch controllers for businesses and homes from Honeywell International, which can control cameras, thermostats, lamps, smart locks, shades, and more via the Web or a related app. A security vulnerability in previous versions of Honeywel...

lib32-openssl: man-in-the-middle

During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...

openssl: man-in-the-middle

During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...

[SECURITY] [DLA 244-1] strongswan security update

Package : strongswan Version : 4.4.1-5.7 CVE ID : CVE-2015-4171 Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When a client authenticate the server with certificates and the client authenticates using pre-shared key or EAP, th...

CVE-2015-1788

The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...

Vulnerability in OpenSSL - Exploitable out-of-bounds read in X509_cmp_time

X509cmptime does not properly check the length of the ASN1TIME string and can read a few bytes out of bounds. In addition, X509cmptime accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and...

UBUNTU-CVE-2015-1788

The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...

OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2a advisory. - An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8z...

OpenSSL 'ssl3_get_client_key_exchange' function denial of service vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL version 1.0.2. Due to a vulnerability within the implementation of the...

Authentication flaw

The ssl3getclientkeyexchange function in s3srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service daemon crash via a ClientKeyExchange message with a length of zero...

Vulnerability in OpenSSL - Segmentation fault in ASN1_TYPE_cmp

Segmentation fault in ASN1TYPEcmp. The function ASN1TYPEcmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1TYPEcmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and...

Vulnerability in OpenSSL - Segmentation fault for invalid PSS parameters

Segmentation fault for invalid PSS parameters. The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can ...

Vulnerability in OpenSSL - Empty CKE with client auth and DHE

Empty CKE with client auth and DHE. If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. Found by Matt Caswell OpenSSL development team...

PT-2015-1688 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue allows remote attackers to cause a denial of service daemon crash via a ClientKeyExchange message with a length of zero, when client authentication and an ephemeral...

SUSE-SU-2015:0553-2 Security update for compat-openssl098

OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)

The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - The BIGNUM squaring BNsqr implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. CVE-2014-3570 - A...