506 matches found
Fedora 37 : openssl (2022-1c20b4dde2)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1c20b4dde2 advisory. Automatic update for openssl-3.0.5-1.fc37. Changelog Tue Jul 5 2022 Clemens Lang - 1:3.0.5-1 - Rebase to upstream version 3.0.5 Related: rhbz2099972...
Intel® QuickAssist Technology Engine for OpenSSL Advisory
Summary: Potential security vulnerabilities in the Intel® QuickAssist Technology Intel® QAT Engine for OpenSSL engine for OpenSSL software may allow information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2024-336...
RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:9333)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9333 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:3871-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3871-1 advisory. - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 - CVE-2024-41996: Avoid expensive public key validation for known safe-prime grou...
[SECURITY] [DLA 3942-1] openssl security update
Debian LTS Advisory DLA-3942-1 https://www.debian.org/lts/security/ Sean Whitton October 31, 2024 https://wiki.debian.org/LTS Package : openssl Version : 1.1.1n-0+deb11u6 CVE ID : CVE-2023-5678 CVE-2024-0727 CVE-2024-2511 CVE-2024-4741 CVE-2024-5535 CVE-2024-9143 Debia...
Tenable Sensor Proxy < 1.0.11 (TNS-2024-18)
According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.0.11. It is, therefore, affected by a vulnerability as referenced in the TNS-2024-18 advisory. - Sensor Proxy leverages third-party software to help provide underlying functionality. One of t...
Fortinet Fortigate OpenSSL3 CVE-2022-3602 CVE-2022-3786 vulnerabilities (FG-IR-22-419)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-22-419 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Not...
EulerOS Virtualization 2.12.0 : openssl (EulerOS-SA-2024-2775)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a cra...
USN-7018-1: OpenSSL vulnerabilities
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...
CVE-2024-6119 vulnerabilities
Vulnerabilities for packages: openssl...
The vulnerabilities of the functions EVP_PKEY_param_check() and EVP_PKEY_public_check() in the OpenSSL cryptographic library allow an attacker to cause a service failure.
The vulnerability of the EVP_PKEY_param_check and EVP_PKEY_public_check functions in the OpenSSL cryptographic library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
CVE-2024-4603 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips-3.1.2, openssl-provider-fips, openssl...
OpenSSL Security Advisory [28th March 2023] (CVE-2023-0465, CVE-2023-0466)
Multiple OpenSSL Vulnerabilities released on 28th March 2023. Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465): Applications that use a non-default option when verifying certificates may be vulnerable to an...
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-5363, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-6632-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6632-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this...
OpenSSL Security Vulnerabilities
OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
SUSE-SU-2023:4930-1 Security update for go1.20-openssl
This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme bsc1217834. - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 bsc1216943. -...
Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)
Summary IBM GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0739)
Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server...