3660 matches found

Fedora
added 2013/05/16 2:50 a.m., 16 views

[SECURITY] Fedora 17 Update: openvpn-2.3.1-2.fc17

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

CVSS 2.6, AI score 0.7, EPSS 0.02813
Exploits 1

Tenable Nessus
added 2013/04/20 12:00 a.m., 27 views

Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)

Updated libtiff packages fix security vulnerabilities : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against...

CVSS 7.5, AI score 8.9, EPSS 0.13521
Exploits 1, References 6

Tenable Nessus
added 2013/03/28 12:00 a.m., 44 views

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517)

OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. CVE-2012-4929 Please note that openssl on SUSE Linux Enterprise 10 is not...

CVSS 5, AI score 6.8, EPSS 0.35584
Exploits 1, References 6

Amazon
added 2013/03/14 12:00 a.m., 61 views

Medium: openssl

Issue Overview: It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS...

CVSS 5, AI score 7.8, EPSS 0.35584
Exploits 1, References 1

RedHat Linux
added 2013/03/13 2:40 p.m., 4 views

SSL/TLS CRIME attack against HTTPS

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVSS 2.6, AI score 6.7, EPSS 0.04266
Exploits 1, References 4

OpenVAS
added 2013/03/12 12:00 a.m., 28 views

CentOS Update for openssl CESA-2013:0587 centos6

The remote host is missing an update for the...

CVSS 5, AI score 6.3, EPSS 0.35584
Exploits 1, References 2

Tenable Nessus
added 2013/03/05 12:00 a.m., 64 views

Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a paddi...

CVSS 5, AI score 6.9, EPSS 0.35584
Exploits 1, References 4

OpenVAS
added 2013/03/05 12:00 a.m., 48 views

RedHat Update for openssl RHSA-2013:0587-01

The remote host is missing an update for the...

CVSS 5, AI score 6.6, EPSS 0.35584
Exploits 1, References 2

Cent OS
added 2013/03/04 10:46 p.m., 94 views

openssl security update

CentOS Errata and Security Advisory CESA-2013:0587 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CV...

CVSS 5, AI score 6.7, EPSS 0.35584
Exploits 1, References 7

RedHat Linux
added 2013/03/04 9:05 p.m., 4 views

SSL/TLS CRIME attack against HTTPS

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVSS 2.6, AI score 6.7, EPSS 0.04266
Exploits 1, References 4

RedHat Linux
added 2013/03/04 9:05 p.m., 57 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

CVSS 5, AI score 6.7, EPSS 0.35584
Exploits 1, References 5

Oracle linux
added 2013/03/04 12:00 a.m., 60 views

openssl security update

1.0.0-27.2 - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set fixes CVE-2012-4929 857051 - use securegetenv everywhere inste...

CVSS 5, AI score 2.3, EPSS 0.35584
Exploits 1

securityvulns
added 2013/03/02 12:00 a.m., 72 views

[ MDVSA-2013:015 ] apache

Mandriva Linux Security Advisory MDVSA-2013:015 http://www.mandriva.com/security/ Package : apache Date : February 26, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF...

CVSS 4.3, AI score 6.9, EPSS 0.22913
Exploits 3

OpenVAS
added 2013/02/25 12:00 a.m., 25 views

Debian Security Advisory DSA 2629-1 (openjpeg - several issues)

CVE-2009-5030 Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358 Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535 Huzaifa Sidhpurwala of the Red Hat Security...

CVSS 10, AI score 0.4, EPSS 0.07695
Exploits 1, References 1

Tenable Nessus
added 2013/02/18 12:00 a.m., 88 views

Debian DSA-2626-1 : lighttpd - several issues

Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an...

CVSS 9.8, AI score 7.3, EPSS 0.87264
Exploits 15, References 7

Tenable Nessus
added 2013/02/18 12:00 a.m., 57 views

Debian DSA-2627-1 : nginx - information leak

Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression...

CVSS 2.6, AI score 6.8, EPSS 0.04266
Exploits 1, References 4

Debian
added 2013/02/17 11:14 a.m., 54 views

[SECURITY] [DSA 2627-1] nginx security update

Debian Security Advisory DSA-2627-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 17, 2013 http://www.debian.org/security/faq -...

CVSS 2.6, AI score 6, EPSS 0.04266
Exploits 1

Debian
added 2013/02/17 11:14 a.m., 57 views

[SECURITY] [DSA 2626-1] lighttpd security update

Debian Security Advisory DSA-2626-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 17, 2013 http://www.debian.org/security/faq -...

CVSS 9.8, AI score 7.8, EPSS 0.87264
Exploits 15

OpenVAS
added 2013/02/17 12:00 a.m., 56 views

Debian Security Advisory DSA 2626-1 (lighttpd - several issues)

Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existin...

CVSS 5.8, AI score 0.5, EPSS 0.87264
Exploits 15, References 1

OpenVAS
added 2013/02/04 12:00 a.m., 33 views

Fedora Update for libwebp FEDORA-2013-1473

Check for the Version of libwebp OpenVAS Vulnerability Test Fedora Update for libwebp FEDORA-2013-1473 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 7.5, AI score 0.1, EPSS 0.01087
Exploits 0, References 2