CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2022-2097)

The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...

OpenSSL 3.0.0 < 3.0.5 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.5 advisory. - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions...

Vulnerability in OpenSSL - AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption...