33 matches found

OSV
added 2017/11/02 12:0 a.m. | 0 views

UBUNTU-CVE-2017-3736

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVSS 6.5 | AI score 6.8 | EPSS 0.08287
Exploits: 0 | References: 4

The Hacker News
added 2017/01/22 11:27 p.m. | 72 views

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

It's more than two and half years since the discovery of the critical OpenSSL Heartbleed vulnerability, but the flaw is still alive as it appears that many organizations did not remediate properly to the serious security glitch. It was one of the biggest flaws in the Internet's history that...

CVSS 5 | AI score 7.4 | EPSS 0.94464
Exploits: 86

ThreatPost
added 2015/06/03 7:37 a.m. | 196 views

Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug

An audit of the SSH keys associated with more than a million GitHub accounts shows that some users have weak, easily factorable keys and many more are using keys that are still vulnerable to the Debian OpenSSL bug disclosed seven years ago. The public SSH keys that users associate with their GitH...

AI score 0.4 | EPSS 0.94431
Exploits: 41 | References: 2

OSV
added 2015/01/09 2:59 a.m. | 2 views

DEBIAN-CVE-2014-3570

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to...

CVSS 5 | AI score 6.3 | EPSS 0.07282
Exploits: 0 | References: 1

Tenable Nessus
added 2014/06/13 12:0 a.m. | 312 views

openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)

tor 0.2.4.22 bnc878486 Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x : - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based...

CVSS 7.5 | AI score 8 | EPSS 0.94464
Exploits: 86 | References: 3

RedHat Linux
added 2014/06/05 11:50 a.m. | 3 views

openssl: Buffer overflow via DTLS invalid fragment

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow a...

CVSS 6.8 | AI score 7.2 | EPSS 0.92751
Exploits: 4 | References: 5

RedHat Linux
added 2011/06/22 11:14 p.m. | 5 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

CVSS 4.3 | AI score 6.9 | EPSS 0.03846
Exploits: 0 | References: 4

OSV
added 2010/12/06 10:30 p.m. | 1 views

DEBIAN-CVE-2008-7270

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

CVSS 4.3 | AI score 8.7 | EPSS 0.01279
Exploits: 0 | References: 1

F5 Networks
added 2009/10/27 12:0 a.m. | 42 views

SOL10674 - Netscape reuse cipher change bug - Qualsys QID 38284

A Qualsys security audit may report that the BIG-IP management IP address is vulnerable to a NETSCAPE REUSE CIPHER CHANGE BUG. The security audit may produce a report that appears similar to the following example: QID: 38284 CVSS Base: 5 1 Category: General remote services CVSS Temporal: 4.7 CVE...

AI score 6.7
Exploits: 0 | Affected Software: 9

ThreatPost
added 2009/05/18 7:27 p.m. | 9 views

How the Debian OpenSSL bug almost spawned a disaster

When news broke last year about the serious flaw in the Debian OpenSSL pseudorandom number generator, security experts knew it was a serious problem and warned users to regenerate any keys that had been created using the vulnerable versions of the OpenSSL package. It was a big problem, but it tur...

AI score 1
Exploits: 0 | References: 7

Tenable Nessus
added 2008/05/14 12:0 a.m. | 1608 views

Debian OpenSSH/OpenSSL Package Random Number Generator Weakness

The remote SSH host key has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library. The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. An attacker can easily obtain the...

CVSS 7.8 | AI score 6.5 | EPSS 0.04768
Exploits: 6 | References: 3

OSV
added 2007/08/08 1:17 a.m. | 2 views

DEBIAN-CVE-2007-3108

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys...

CVSS 1.2 | AI score 9.1 | EPSS 0.00155
Exploits: 1 | References: 1

Debian CVE
added 2004/03/18 5:0 a.m. | 49 views

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an...

CVSS 5 | AI score 8.5 | EPSS 0.00916
Exploits: 0