170 matches found
RHEL 9 : openssl (RHSA-2023:3722)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3722 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-6188-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6188-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to...
F5 Networks BIG-IP : OpenSSL vulnerability (K000135178)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135178 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow...
openssl: Possible DoS translating ASN.1 object identifiers
A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...
CLSA-2023-1687269849 openssl: Fix of CVE-2023-2650
CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...
CLSA-2023-1687269261 openssl: Fix of CVE-2023-2650
CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...
OESA-2023-1355 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
OESA-2023-1354 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
OESA-2023-1356 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2470-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - Update to version 3.0.8 bsc1207541. - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents ...
Amazon Linux AMI : openssl (ALAS-2023-1762)
The version of openssl installed on the remote host is prior to 1.0.2k-16.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1762 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.50...
MGASA-2023-0195 Updated openssl packages fix security vulnerability
Possible DoS translating ASN.1 object identifiers. CVE-2023-2650...
Medium: openssl
Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...
Amazon Linux 2 : openssl (ALAS-2023-2073)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2073 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...
Medium: openssl
Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...
Possible DoS translating ASN.1 object identifiers
...
SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2343-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2343-1 advisory. - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers bsc1211430. Tenable has extracted the preceding...
SUSE SLED15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2342-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2342-1 advisory. - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers bsc1211430. Tenabl...
SUSE CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
[slackware-security] openssl
New openssl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1u-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Possible DoS translating ASN.1 object identifiers...