RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Rejected reason: DO NOT USE THIS CANDIDAT...

SUSE: Security Advisory (SUSE-SU-2016:1290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arista Networks EOS ASN.1 Encoder RCE (SA0020)

The version of Arista Networks EOS running on the remote device is affected by a remote code execution vulnerability in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can...

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

Oracle Linux 6 : openssl (ELSA-2016-0996)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0996 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding...

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

openSUSE Security Update : openssl (openSUSE-2016-562)

This update for openssl fixes the following issues : - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check bsc977616 - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 -...

openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)

This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2109: ASN.1 BIO excessive memory allocation bsc97694...

openssl security update

1.0.1e-51.5 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

Security Advisory 0020

Security Advisory 0020 PDF Date: May 6th, 2016 Version: 1.2 Revision| Date| Changes ---|---|--- 1.0 | May 6th, 2016 | Initial release 1.1 | May 12th, 2016 | Updated to include assessment for CVX and CVP. Change in vulnerability status for CVE-2016-2107. 1.2 | May 20th, 2016 | Updated to include...

Debian DSA-3566-1 : openssl - security update

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVPEncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption....

SUSE-SU-2016:1231-1 Security update for compat-openssl097g

This update for compat-openssl097g fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2109: ASN.1 BIO excessive...

OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

No description provided by source...

Debian DLA-456-1 : openssl security update

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVPEncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption...

[SECURITY] [DSA 3566-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3566-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini May 03, 2016 https://www.debian.org/security/faq -...

OpenSSL Patches Padding Oracle Attack Bug

The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...

Debian Security Advisory DSA 3566-1 (openssl - security update)

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVPEncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption...

DSA-3566-1 openssl - security update

Bulletin has no description...

Vulnerability in OpenSSL - Memory corruption in the ASN.1 encoder

This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the...