262 matches found
Solaris 8 (sparc) : 115054-01
Sun Cluster 3.1: OpenSSL security patch. Date this patch was last updated by Sun: Mar/05/04. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Solaris 9 (sparc) : 115055-01
Sun Cluster 3.1: OpenSSL security patch. Date this patch was last updated by Sun: Mar/05/04. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
OpenSSL, Groff: Insecure tempfile handling
Background: OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the der_chop script, which is used to convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a typesetting package...
OpenSSL security update
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL. We recommend sites that use OpenSSL upgrade to the fixed packages right away. More details about this issue may be found in the Commo...
Important: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography...
CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values...
(RHSA-2003:293) openssl security update
OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. NISCC testing of implementations of the SSL protocol uncovered two bu...
Important: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. [Updated 30 May 2003] Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport...
FreeBSD-SA-03:06.openssl
FreeBSD-SA-03:06.openssl Security Advisory, The FreeBSD Project. Topic: OpenSSL timing-based SSL/TLS attack. Category: crypto. Module: openssl. Announced: 2003-03-21. Credits:...
CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...
Moderate: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages are available that fix a potential timing-based attack. [Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/...
Moderate: Red Hat Security Advisory: Updated OpenSSL packages fix timing attack
Updated OpenSSL packages are available that fix a potential timing-based attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose...
CVE-2002-0657
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key...
Critical: Red Hat Security Advisory: openssl, mm security update for Stronghold
Updated Apache packages are available which fix several serious buffer overflow vulnerabilities in OpenSSL and a local privilege escalation vulnerability in MM. Note: Please read the "Solution" section below as there are special upgrade instructions for this errata. OpenSSL is a...
Important: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages are available for Red Hat Linux Advanced Server. These updates fix multiple protocol parsing bugs, which may cause a denial of service (DoS) attack or cause SSL-enabled applications to crash. [Updated 06 Jan 2003] Added fixed packages for the ia64 architecture. [Updated 06 Feb...
Critical: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages are available which fix several serious buffer overflow vulnerabilities. OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength...
CVE-2001-1141
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...
CVE-2000-0535
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken...
CVE-1999-0428
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls...