Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...

Insecure Cryptography Algorithm

Overview Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later. References - GitHub Issue - Padding...

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signin...

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

Debian: Security Advisory (DSA-4540-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-4539-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4539-1 : openssl - security update

Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7dataDecode and CMSdecryptset1pkey and it was discovered that a feature of the random number generator RNG intended to protect against shared RNG state between parent and child processes in th...

[SECURITY] [DSA 4540-1] openssl1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4540-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4539-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq -...

CVE-2019-3730

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...

Design/Logic Flaw

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...

CVE-2019-3730

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...

CVE-2019-3730

Dell RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are affected by an Information Exposure Through an Error Message vulnerability (padding oracle). A remote attacker could potentially exploit this to extract sensitive information, per CVE...

Debian DLA-1932-1 : openssl security update

Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...

[SECURITY] [DLA 1932-1] openssl security update

Package : openssl Version : 1.0.1t-1+deb8u12 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths...

OpenSSL 1.0.2, 1.1.0, 1.1.1 Multiple Vulnerabilities - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Information Disclosure

OpenSSL is vulnerable to information disclosure. It is possible because a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key can be recovered using a Bleichenbacher padding oracle attack after an attacker is notified with status of...

NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)

The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...

ALPINE-CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

DEBIAN-CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...