USN-2540-1: GnuTLS vulnerabilities

It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. CVE-2014-8155 Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could...

[SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 22 Update: openssl-1.0.1k-6.fc22

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 21 Update: openssl-1.0.1k-6.fc21

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

PT-2015-1687 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.0.2a Description: The issue is related to the sigalgs implementation in OpenSSL, which allows remote attackers to cause a denial of service by using an invalid signature algorithms extension in the ClientHello...

EUVD-2015-0304

The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation...

CVE-2015-0291

The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation...

McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)

The remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an...

UBUNTU-CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...

CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...

SUSE-SU-2015:0281-1 Security update for strongswan

This strongswan update fixes the following security and non security issues. - Disallow brainpool elliptic curve groups in fips mode bnc856322. - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellma...

[SECURITY] Fedora 20 Update: openssl-1.0.1e-41.fc20

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

[SECURITY] Fedora 20 Update: mingw-openssl-1.0.1j-1.fc20

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

SSH Login Failed For Authenticated Checks

It was NOT possible to login using the provided SSH credentials. Hence authenticated checks are NOT enabled. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Red October Attackers Return With CloudAtlas APT Campaign

The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails. Red October emerged in January 2013 and researchers found that th...

Hash Manager - Recovering passwords to hashes

The software is designed for recovering passwords to hashes, and it features the following: Supports over 330 hashing algorithms. Contains over 50 additional utilities for handling hashes, passwords, and dictionaries. Unlimited loadable hashes, dictionaries, rules, and masks. Multithreading. 64...

OracleVM 2.2 : openssl (OVMSA-2014-0007)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

OracleVM 3.2 : onpenssl (OVMSA-2014-0008)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...