openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
RHEL 7 : openssl (RHSA-2019:2304)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2304 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
Security update for compat-openssl098 (moderate)
openSUSE Security Update: Security update for compat-openssl098 Announcement ID: openSUSE-SU-2019:1637-1 Rating: moderate References: 1117951 1127080 1131291 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has two fixes is now...
Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559)
Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain...
SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1362-1)
This update for openssl fixes the following issues : Security issue fixed : CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2019:1362-1 Security update for openssl
This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080)...
Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability
Summary IBM Security Guardium is aware of the following vulnerability Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-leng...
Security update for openssl-1_0_0 (moderate)
openSUSE Security Update: Security update for openssl-1_0_0 Announcement ID: openSUSE-SU-2019:1432-1 Rating: moderate References: 1117951 1127080 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
EulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400)
According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and...
Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)
Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...
EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-1326)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then...
EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-1325)
According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then...
SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1121-1)
This update for gnutls fixes to version 3.6.7 the following issues : Security issues fixed : CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681)...
Amazon Linux 2 : openssl (ALAS-2019-1188)
A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) If an application encounters a fatal protocol error...
There is a vulnerability in OpenSSL used by AIX.
IBM SECURITY ADVISORY First Issued: Tue Apr 16 10:48:55 CDT 2019 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc...
Amazon Linux AMI : openssl (ALAS-2019-1188)
A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) If an application encounters a fatal protocol erro...
Security update for openssl (moderate)
openSUSE Security Update: Security update for openssl Announcement ID: openSUSE-SU-2019:1175-1 Rating: moderate References: 1100078 1113975 1117951 1127080 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has three fixes is now...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...
EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258)
According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receiv...