RHEL 9 : libssh (RHSA-2025:23483)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23483 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

openSUSE 16 Security Update : openssl-3 (openSUSE-SU-2025:20164-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20164-1 advisory. - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm...

RockyLinux 10 : libssh (RLSA-2025:23484)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23484 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

RockyLinux 8 : python39:3.9 (RLSA-2025:23530)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don'...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RHEL 10 : libssh (RHSA-2025:23484)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23484 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

ALSA-2025:23484 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2025:23530 Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2025:23483 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

Security update for openssl-3 (important)

openSUSE security update: security update for openssl-3 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025:20164-1 Rating: important References: bsc1250232 bsc1250233 bsc1250234 Cross-References: CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVSS scores:...

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2025:23342 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

SUSE-SU-2025:21213-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM bsc1250233 - CVE-2025-9232: Fixed out-of-bounds read in HTTP client noproxy handling...

OPENSUSE-SU-2025:20164-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM bsc1250233 - CVE-2025-9232: Fixed out-of-bounds read in HTTP client noproxy handling...

CLSA-2025-1765804754 openssl: Fix of CVE-2025-9230

CVE-2025-9230: fix out-of-bounds read of unwrapped key size that may trigger a crash...

SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / etc (SUSE-SU-2025:03442-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03442-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK...