
262 matches found

OSV
added 2014/10/24 10:7 p.m. | 7 views

SUSE-SU-2015:1184-1 Security update for OpenSSL

This OpenSSL update fixes the following issues: Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3567, CVE-2014-3566, CVE-2014-3568...

CVSS 9.3 | AI score 7.5 | EPSS 0.93538
Exploits 31 | References 118
OSV
added 2014/10/24 10:7 p.m. | 9 views

SUSE-SU-2015:1182-1 Security update for OpenSSL

This OpenSSL update fixes the following issues: Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3567, CVE-2014-3566, CVE-2014-3568...

CVSS 7.5 | AI score 7.4 | EPSS 0.93538
Exploits 22 | References 69
OSV
added 2014/10/24 10:7 p.m. | 7 views

SUSE-SU-403 Security update for OpenSSL

This OpenSSL update fixes the following issues: Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3567, CVE-2014-3566, CVE-2014-3568...

CVSS 9.3 | AI score 6.1 | EPSS 0.93538
Exploits 31 | References 118
OSV
added 2014/10/23 1:27 p.m. | 7 views

MGASA-2014-0416 Updated openssl packages fix security vulnerabilities

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

CVSS 7.1 | AI score 4.1 | EPSS 0.93538
Exploits 5 | References 4
OSV
added 2014/10/22 11:22 p.m. | 10 views

SUSE-SU-2015:0546-1 Security update for openssl1

This OpenSSL update fixes the following issues: SRTP Memory Leak (CVE-2014-3513); Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3513, CVE-2014-3567, CVE-2014-3566...

CVSS 7.5 | AI score 7.6 | EPSS 0.94464
Exploits 110 | References 82
RedHat Linux
added 2014/09/17 4:30 p.m. | 3 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 openssl security update

An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 5 | AI score 6.6 | EPSS 0.51729
Exploits 0 | References 6
Exploit DB
added 2014/09/09 12:0 a.m. | 28 views

ALCASAR 2.8 - Remote Code Execution

#!/usr/bin/env python # -*- coding: utf-8 -*- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date: 2014-02-10 ...

AI score 7.4
Exploits 0
Debian
added 2014/08/07 8:36 p.m. | 62 views

[DLA 33-1] openssl security update

Package: openssl; Version: 0.9.8o-4squeeze17; CVE ID: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510. Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt It's important that you upgrade the libssl0.9.8 package and not...

CVSS 5 | AI score 6.6 | EPSS 0.66025
Exploits 0
Oracle linux
added 2014/07/23 12:0 a.m. | 55 views

openssl098e security update

0.9.8e-29.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability...

CVSS 5.8 | AI score 1.7 | EPSS 0.89694
Exploits 9
Tenable Nessus
added 2014/07/09 12:0 a.m. | 58 views

IBM General Parallel File System OpenSSL Security Bypass (Windows)

A version of IBM General Parallel File System (GPFS) 3.5.0.11 or later but prior to 3.5.0.18 is installed on the remote host. It is, therefore, affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks. C...

CVSS 7.4 | AI score 7.5 | EPSS 0.89694
Exploits 9 | References 4
Oracle linux
added 2014/06/05 12:0 a.m. | 68 views

openssl security update

1.0.1e-16.14
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerabilit...

CVSS 6.8 | AI score 2.2 | EPSS 0.92751
Exploits 13
Tenable Nessus
added 2014/05/19 12:0 a.m. | 40 views

Debian DSA-2931-1 : openssl - security update

It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write function could result in denial of service. The oldstable distribution (squeeze) is not affected. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS 4.3 | AI score 7.5 | EPSS 0.32978
Exploits 0 | References 3
OSV
added 2014/04/08 7:58 a.m. | 11 views

MGASA-2014-0165 Updated openssl package fix two security vulnerabilities

Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

CVSS 7.5 | AI score 7.6 | EPSS 0.94464
Exploits 87 | References 4
OSV
added 2013/09/13 8:16 p.m. | 4 views

MGASA-2013-0277 Updated python-OpenSSL package fixes security vulnerability

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing (CVE-2013-4314)...

CVSS 4.3 | AI score 9.3 | EPSS 0.0025
Exploits 0 | References 4
OSV
added 2013/03/25 3:10 p.m. | 8 views

SUSE-SU-2015:0545-1 Security update for OpenSSL

OpenSSL has been updated to fix several security issues: CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. CVE-2013-0169: Timing attacks against TLS could be used by...

CVSS 7.5 | AI score 7.3 | EPSS 0.93538
Exploits 22 | References 76
OpenVAS
added 2012/03/29 12:0 a.m. | 29 views

RedHat Update for openssl RHSA-2012:0426-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_xref(name:"URL",...

CVSS 5 | AI score 8.8 | EPSS 0.03163
Exploits 0 | References 2
OSV
added 2012/02/29 11:55 a.m. | 9 views

CVE-2006-7250

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message...

AI score 7.3
Exploits 0 | References 15
Tenable Nessus
added 2011/05/20 12:0 a.m. | 37 views

RHEL 6 : openssl (RHSA-2011:0677)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0677 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength,...

CVSS 5 | AI score 7.7 | EPSS 0.01196
Exploits 0 | References 7
OSV
added 2010/12/06 10:30 p.m. | 5 views

CVE-2008-7270

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

AI score 7.2
Exploits 0 | References 10
Oracle linux
added 2006/11/30 12:0 a.m. | 38 views

Important openssl security update

0.9.7a-43.14
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
0.9.7a-43.11
- fix CVE-2006-4339 - prevent attack on...

CVSS 10 | AI score 3.5 | EPSS 0.53744
Exploits 10