SUSE-SU-2016:2545-1 Security update for compat-openssl097g

This update for compat-openssl097g fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 OOB write in BNbn2dec CVE-2016-2182 bsc993819 Birthday attack against 64-bit block ciphers SWEET32...

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

MGASA-2016-0338 Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:2468-1)

This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant ti...

SUSE-SU-2016:2468-1 Security update for compat-openssl098

This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time fla...

SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behavior CVE-2016-2177 bsc982575 - Constant time flag not...

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...

openSUSE Security Update : openssl (openSUSE-2016-1130)

This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 - Constant time flag n...

Amazon Linux AMI : libarchive (ALAS-2016-743)

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. CVE-2016-5418 Multiple...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

openssl: Possible integer overflow vulnerabilities in codebase

Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...

SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...

Debian DSA-3673-1 : openssl - security update

Several vulnerabilities were discovered in OpenSSL : - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-p ointer-arithmetic/ - CVE-2016-2178 Cesar Pereida, Billy...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3087-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3087-1 advisory. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cau...

DSA-3673-2 openssl - regression update

Bulletin has no description...

USN-3087-1: OpenSSL vulnerabilities

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. CVE-2016-6304 Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointe...

Debian Security Advisory DSA 3673-1 (openssl - security update)

Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/CVE-2016-2178 Cesar Pereida, Billy Brumley and...