F5 Networks BIG-IP : OpenSSL vulnerability (K000135178)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135178 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...

Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-6188-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6188-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to...

openssl: Possible DoS translating ASN.1 object identifiers

A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...

CLSA-2023-1687269849 openssl: Fix of CVE-2023-2650

CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...

CLSA-2023-1687269261 openssl: Fix of CVE-2023-2650

CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...

OESA-2023-1354 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...

OESA-2023-1355 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...

OESA-2023-1356 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...

Amazon Linux AMI : openssl (ALAS-2023-1762)

The version of openssl installed on the remote host is prior to 1.0.2k-16.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1762 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.50...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:2470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make...

MGASA-2023-0195 Updated openssl packages fix security vulnerability

Possible DoS translating ASN.1 object identifiers. CVE-2023-2650...

Amazon Linux 2 : openssl (ALAS-2023-2073)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2073 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...

Medium: openssl

Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...

Medium: openssl

Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...

Possible DoS translating ASN.1 object identifiers

...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2023:2343-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2343-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2023:2342-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2342-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may b...

SUSE CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

[slackware-security] openssl

New openssl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1u-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Possible DoS translating ASN.1 object identifiers...

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2023:2328-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2328-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...