2872 matches found
CentOS Update for openssl CESA-2016:1940 centos7
Check the version of openssl. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882566");...
CentOS 6 / 7 : openssl (CESA-2016:1940)
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.' (CVE-2016-6907) The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms: The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...
CVE-2016-4754
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
Code injection
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
CVE-2016-4754
CVE-2016-4754 affects ServerDocs Server in Apple OS X Server before 5.2. The issue is weaknesses in the RC4 cryptographic algorithm that allow an unauthenticated, remote attacker to defeat cryptographic protection. Apple’s macOS Server 5.2 mitigation removes RC4 support for ServerDocs Server, add...
DSA-3673-2 openssl - regression update
Bulletin has no description...
Debian DSA-3673-1 : openssl - security update
Several vulnerabilities were discovered in OpenSSL: - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ - CVE-2016-2178 Cesar Pereida, Billy...
USN-3087-1: OpenSSL vulnerabilities
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointe...
[SECURITY] [DSA 3673-1] openssl security update
Debian Security Advisory DSA-3673-1 https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3673-1 (openssl - security update)
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and...
Ruby: Ruby OpenSSL Library - IV Reuse in GCM Mode
Hello, An IV reuse bug was discovered in Ruby's OpenSSL library when using aes-gcm. When encrypting data with aes-gcm, if the IV is set before setting the key, the cipher will default to using a static IV. This creates a static nonce and since aes-gcm is a stream cipher, this can lead to known...
SUSE-SU-2016:2329-1 Security update for apache2-mod_nss
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. -...
MGASA-2016-0304 Updated openvpn packages fix security vulnerability
Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long-running connections. The Blowfish cipher, as used in OpenVPN by default, is vulnerable to this attack, which allows a remote attacker to recove...
SUSE-SU-2016:2285-1 Security update for apache2-mod_nss
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements t...
ipmi-cipher-zero NSE Script
IPMI 2.0 Cipher Zero Authentication Bypass Scanner. This module identifies IPMI 2.0 compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero. Script Arguments vulns.short, vulns.showall See the documentation for the vulns library. Example Usa...