154 matches found
[slackware-security] openssl
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-solibs-1.0.1j-i486-1slack14.1.txz: Upgraded. Security fix...
CVE-2014-3567
Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...
Important: openssl
Issue Overview: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. CVE-2014-3513 A memory...
nss security update
CentOS Errata and Security Advisory CESA-2014:1246 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Commo...
UBUNTU-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application...
nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application...
DEBIAN-CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
Race condition
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...
gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...
gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...