63 matches found
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted...
CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message...
Design/Logic Flaw
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message...
OpenSSL ServerKeyExchange Message Handling Remote Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL for strong encryption of network communications. A vulnerability exists in OpenSSL in which a remote attacker who sends a specially crafted ServerKeyExchange message for an anonymous DH cipher suite can crash the target service if the p-value is set ...
CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message...
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted...
Updated openssl packages fix security vulnerability
If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0, then a seg fault can occur, leading to a possible denial of service attack (CVE-2015-1794). Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NU...
CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message...
openssl -- multiple vulnerabilities
OpenSSL project reports: BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193); Certificate verify crash with missing PSS parameter (CVE-2015-3194); X509_ATTRIBUTE memory leak (CVE-2015-3195); Race condition handling PSK identify hint (CVE-2015-3196); Anon DH ServerKeyExchange with 0 p parameter...
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted...
SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2015:1518-1)
gnutls was updated to fix several security vulnerabilities. - fix double free in certificate DN decoding (GNUTLS-SA-2015-3, bsc#941794, CVE-2015-6251) - fix invalid read in octet string in bundled libtasn1 (bsc#929414, CVE-2015-3622) - fix ServerKeyExchange signature issue (GNUTLS-SA-2015-2, bsc#929690) Note th...
SUSE-SU-2015:1518-1 Security update for gnutls
gnutls was updated to fix several security vulnerabilities. - fix double free in certificate DN decoding (GNUTLS-SA-2015-3, bsc#941794, CVE-2015-6251) - fix invalid read in octet string in bundled libtasn1 (bsc#929414, CVE-2015-3622) - fix ServerKeyExchange signature issue (GNUTLS-SA-2015-2, bsc#929690)...
nss security, bug fix, and enhancement update
3.19.1-1 - Rebase nss to 3.19.1 - Pick up upstream fix for client auth. regression caused by 3.19.1 - Revert upstream change to minimum key sizes - Remove patches that were rendered obsolete by the rebase - Update existing patches on account of the rebase 3.18.0-7 - Pick up upstream patch from...
Code injection
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...
openSUSE Security Update : gnutls (openSUSE-2015-542)
fix for CVE-2015-3622 in bundled libtasn1 (bsc#929414) - invalid read in octet string - added gnutls-CVE-2015-3622.patch - fix for GNUTLS-SA-2015-2 (bsc#929690) - ServerKeyExchange signature issue - added gnutls-GNUTLS-SA-2015-2.patch ...
Vulnerability in OpenSSL - Anon DH ServerKeyExchange with 0 p parameter
If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0, then a seg fault can occur, leading to a possible denial of service attack. Found by Guy Leaver (Cisco)...
SUSE-SU-2015:1268-1 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Index...
Ubuntu 14.04 LTS : NSS vulnerabilities (USN-2672-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2672-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...
Firefox ESR < 31.8 Multiple Vulnerabilities (Mac OS X) (Logjam)
The version of Firefox ESR installed on the remote Mac OS X host is prior to 31.8. It is, therefore, affected by multiple vulnerabilities: - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server doe...
CVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle...