
39 matches found

CVE
added 2016/03/03 12:00 a.m., 195 views

CVE-2016-0702

CVE-2016-0702 (OpenSSL) is a local side-channel vulnerability where the MOD_EXP_CTIME_COPY_FROM_PREBUF path during modular exponentiation does not properly account for cache-bank access times on Intel Sandy Bridge, enabling an attacker sharing a CPU core to recover RSA keys via a crafted app. Aff...

CVSS 5.1, AI score 7, EPSS 0.00545
Exploits 1, References 44, Affected Software 1

OPENSUSE Linux
added 2016/03/02 11:14 p.m., 50 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 1.4, EPSS 0.90348
Exploits 3

OPENSUSE Linux
added 2016/03/02 11:12 p.m., 40 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 1.3, EPSS 0.90348
Exploits 3, References 9

OPENSUSE Linux
added 2016/03/02 2:11 p.m., 47 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 1.2, EPSS 0.90348
Exploits 3, References 10

OPENSUSE Linux
added 2016/03/02 12:11 p.m., 93 views

Security update for openssl (important)

This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 0.7, EPSS 0.90348
Exploits 3, References 7

Tenable Nessus
added 2016/03/02 12:00 a.m., 46 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as...

CVSS 10, AI score 7.9, EPSS 0.90348
Exploits 3, References 31

Tenable Nessus
added 2016/03/02 12:00 a.m., 54 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 7.8, EPSS 0.90348
Exploits 3, References 30

OpenVAS
added 2016/03/02 12:00 a.m., 43 views

Ubuntu: Security Advisory (USN-2914-1)

The remote host is missing an update for the...

CVSS 10, AI score 8.3, EPSS 0.41276
Exploits 1, References 2

OpenVAS
added 2016/03/02 12:00 a.m., 53 views

SUSE: Security Advisory for openssl (SUSE-SU-2016:0617-1)

The remote host is missing an update for the...

CVSS 10, AI score 7.4, EPSS 0.90348
Exploits 3, References 1

FreeBSD
added 2016/03/02 12:00 a.m., 43 views

node -- multiple vulnerabilities

Jeremiah Senkpiel reports: Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. Fix a defect that can cause memory corruption in certain very rare cases. Fix a defect that makes the CacheBleed Attack possible...

CVSS 7.5, AI score 8.4, EPSS 0.36537
Exploits 1, References 1

Tenable Nessus
added 2016/03/02 12:00 a.m., 129 views

OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1s. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1s advisory. - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a...

CVSS 10, AI score 7.6, EPSS 0.90348
Exploits 3, References 13

Tenable Nessus
added 2016/03/02 12:00 a.m., 89 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...

CVSS 10, AI score 7.8, EPSS 0.41276
Exploits 1, References 6

Tenable Nessus
added 2016/03/02 12:00 a.m., 197 views

OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2g. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2g advisory. - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a...

CVSS 10, AI score 7.6, EPSS 0.90348
Exploits 3, References 13

OSV
added 2016/03/01 2:38 p.m., 3 views

USN-2914-1 openssl vulnerabilities

Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered th...

CVSS 10, AI score 7, EPSS 0.41276
Exploits 1, References 6

Ubuntu
added 2016/03/01 2:38 p.m., 86 views

USN-2914-1: OpenSSL vulnerabilities

Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered th...

CVSS 10, AI score 7.8, EPSS 0.41276
Exploits 1

OSV
added 2016/03/01 1:48 p.m., 6 views

SUSE-SU-2016:0620-1 Security update for openssl

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 7.2, EPSS 0.90348
Exploits 3, References 20

OSV
added 2016/03/01 1:29 p.m., 8 views

SUSE-SU-2016:0617-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 7.3, EPSS 0.90348
Exploits 3, References 21

OSV
added 2016/03/01 1:29 p.m., 7 views

SUSE-SU-2016:0621-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10, AI score 7.2, EPSS 0.90348
Exploits 3, References 20

UbuntuCve
added 2016/03/01 1:00 p.m., 73 views

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

CVSS 5.1, AI score 6.8, EPSS 0.00545
Exploits 1, References 4