Lucene search

1038 matches found

Amazon
added 2019/04/04 12:0 a.m. | 61 views

Medium: openssl

Issue Overview: A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) If an application encounters a fata...

CVSS 5.9 | AI score 7.1 | EPSS 0.0496
Exploits: 4

Tenable Nessus
added 2019/04/03 12:0 a.m. | 35 views

openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-1105)

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respo...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 3

Tenable Nessus
added 2019/04/02 12:0 a.m. | 42 views

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1145)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the...

CVSS 5.9 | AI score 7 | EPSS 0.0496
Exploits: 4 | References: 3

Tenable Nessus
added 2019/04/01 12:0 a.m. | 33 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1)

This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 7

Hacker One
added 2019/03/24 6:26 a.m. | 46 views

MariaDB: smtp service vulnerable to POODLE SSLv3

One of our package servers had an old smtpd service linked with openssl 1.0.1i, which uses nondeterministic CBC padding, making it easy for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. The service has been disabled for the internet, as ...

CVSS 4.3 | AI score 5.3 | EPSS 0.93538
Exploits: 5

Tenable Nessus
added 2019/03/13 12:0 a.m. | 35 views

SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1)

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 5

Tenable Nessus
added 2019/03/11 12:0 a.m. | 59 views

SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2019:0572-1)

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 5

OSV
added 2019/03/07 4:34 p.m. | 6 views

MGASA-2019-0106 Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 5.3 | EPSS 0.0496
Exploits: 0 | References: 3

Mageia
added 2019/03/07 4:34 p.m. | 56 views

Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 1.8 | EPSS 0.0496
Exploits: 0 | References: 2

Mageia
added 2019/03/07 4:34 p.m. | 40 views

Updated gnutls packages fix security vulnerability

A Bleichenbacher-type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade...

CVSS 5.6 | AI score 2.8 | EPSS 0.00042
Exploits: 0 | References: 2

Tenable Nessus
added 2019/03/04 12:0 a.m. | 63 views

Debian DLA-1701-1 : openssl security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application...

CVSS 5.9 | AI score 6.2 | EPSS 0.0496
Exploits: 0 | References: 3

Tenable Nessus
added 2019/03/04 12:0 a.m. | 41 views

FreeBSD : Node.js -- multiple vulnerabilities (b71d7193-3c54-11e9-a3f9-00155d006b02)

Node.js reports : Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...

CVSS 7.5 | AI score 6.6 | EPSS 0.26351
Exploits: 0 | References: 5

OpenVAS
added 2019/03/03 12:0 a.m. | 85 views

Debian: Security Advisory (DLA-1701-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.7 | EPSS 0.0496
Exploits: 0 | References: 3

ArchLinux
added 2019/03/03 12:0 a.m. | 42 views

[ASA-201903-6] lib32-openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-6
=========================================
Severity: Medium
Date    : 2019-03-03
CVE-ID  : CVE-2019-1559
Package : lib32-openssl-1.0
Type    : information disclosure
Remote  : Yes
Link    : https://security.archlinux.org/AVG-918

Summary
=======
The package...

CVSS 5.9 | AI score 0.8 | EPSS 0.0496
Exploits: 0 | References: 3

ArchLinux
added 2019/03/02 12:0 a.m. | 47 views

[ASA-201903-2] openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-2
=========================================
Severity: Medium
Date    : 2019-03-02
CVE-ID  : CVE-2019-1559
Package : openssl-1.0
Type    : information disclosure
Remote  : Yes
Link    : https://security.archlinux.org/AVG-917

Summary
=======
The package openssl-1.0 befo...

CVSS 5.9 | AI score 0.8 | EPSS 0.0496
Exploits: 0 | References: 3

Debian
added 2019/03/01 10:55 p.m. | 244 views

[SECURITY] [DLA 1701-1] openssl security update

Package : openssl
Version : 1.0.1t-1+deb8u11
CVE ID  : CVE-2019-1559

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0

Veracode
added 2019/03/01 1:32 a.m. | 30 views

Padding Oracle Attack

openssl is vulnerable to padding oracle attacks. In the event of a fatal protocol error and SSL_shutdown() is called twice, an attacker is able to perform a padding oracle attack to decrypt data by sending a 0 byte record with invalid padding, causing the application to behave differently due to...

CVSS 5.9 | AI score 6.1 | EPSS 0.0496
Exploits: 0 | References: 41 | Affected Software: 12

Tenable Nessus
added 2019/03/01 12:0 a.m. | 34 views

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4400. The text itself is copyright (C) Software in the Public...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 4

Tenable Nessus
added 2019/03/01 12:0 a.m. | 49 views

OpenSSL 1.0.2 < 1.0.2r Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2r. It is, therefore, affected by a vulnerability as referenced in the 1.0.2r advisory. - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) th...

CVSS 5.9 | AI score 6.4 | EPSS 0.0496
Exploits: 0 | References: 4

Tenable Nessus
added 2019/02/28 12:0 a.m. | 37 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerability (USN-3899-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3899-1 advisory. Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding...

CVSS 5.9 | AI score 6.5 | EPSS 0.0496
Exploits: 0 | References: 2