43 matches found
Scientific Linux Security Update : openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 (20140605)
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat...
Important: Red Hat Security Advisory: openssl097a and openssl098e security update
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
RHEL 6 : openssl (RHSA-2014:0376)
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : openssl on SL6.x i386/x86_64
An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server...
HTTPS can leak your Personal details to Attackers
Explosive revelations by former contractor Edward Snowden of massive surveillance programs conducted by government agencies triggered new debate about the security and privacy of each individual who is somehow connected to the Internet, and after Snowden’s disclosures they think that by...
SSL Certificate Expiry - Future Validity
The SSL certificate for the remote SSL-enabled service is not yet valid. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42980); script_version("$Revision: 1.8 $"); script_cvs_date("$Date: 2012/04/02 16:34:10 $"); script_name(english:"SSL Certificate Expiry - Future Validity");...
iPhone, Android, Others Get Man in the Middle Treatment
Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taki...
Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching
Overview: Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages. Description: Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The...
Debian: Security Advisory (DSA-1377-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if (description)...
Debian Security Advisory DSA 637-1 (exim-tls)
The remote host is missing an update to exim-tls announced via advisory DSA 637-1. OpenVAS Vulnerability Test $Id: deb6371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 637-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
DSA-1377-2 fetchmail - null pointer dereference
Bulletin has no description...
First Response < 1.1.1 Multiple Vulnerabilities
The remote host contains a version of First Response, an incident response tool, that is affected by multiple vulnerabilities. If the First Response agent fragent is configured to listen for remote SSL-enabled connections, it is reportedly possible to disable the agent remotely by sending a serie...
[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service
Debian Security Advisory DSA 939-1 http://www.debian.org/security/ Martin Schulze January 13th, 2006 http://www.debian.org/security/faq ...
DSA-939-1 fetchmail - programming error
Bulletin has no description...
kernel -- information disclosure when using HTT
Problem description and impact: When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a...
Debian DSA-393-1 : openssl - denial of service
Dr. Stephen Henson, using a test suite provided by NISCC, discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service (DoS) condition on a system using...
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
Overview: A vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to...
Apache Httpd < 2.0.49 : mod_ssl memory leak
A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...