Debian: Security Advisory (DLA-132-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenSSL Multiple Vulnerabilities (20150108 - 1) - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2015:0172-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in GSKit affect IBM MessageSight (CVE-2015-0159, CVE-2015-0138)

Summary GSKit is an IBM component that is used by IBM MessageSight. The GSKit that is shipped with MessageSight contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. MessageSight has addressed the applicable...

Security Bulletin: IBM Tealeaf Customer Experience is affected by vulnerabilities in OpenSSL

Summary Vulnerabilities in OpenSSL including the “FREAK” attack affect IBM Tealeaf Customer Experience. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the...

openssl: Bignum squaring may produce incorrect results

It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there i...

Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)

According to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.60. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is...

McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)

The remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an...

AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)

The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - The BIGNUM squaring BNsqr implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. CVE-2014-3570 - A...

SUSE-SU-2015:0305-1 Security update for compat-openssl098

The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. CVE-2014-3571: Fix crash in dtls1getrecord whilst in the listen state where you get two separate rea...

SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)

OpenSSL compat-openssl097g has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may have produced incorrect results on some platforms,...

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)

OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. bsc912296...

openssl: Bignum squaring may produce incorrect results

It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there i...

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2459-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2459-1 advisory. Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled...

USN-2459-1 openssl vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...

USN-2459-1: OpenSSL vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...

Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)

Multiple vulnerabilities has been discovered and corrected in openssl : A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord...

Updated openssl packages fix security vulnerabilities

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...

[SECURITY] [DLA 132-1] openssl security update

Package : openssl Version : 0.9.8o-4squeeze19 CVE ID : CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:...

openssl: multiple issues

CVE-2014-3571 denial of service A remote attacker is able to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1getrecord...