2872 matches found

Tenable Nessus
added 2014/11/03 12:00 a.m., 30 views

openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss and seamonkey (openSUSE-SU-2014:1345-1)

Update to Firefox 33.0 (bnc#900941). New features: - OpenH264 support (sandboxed) - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP (Content Security Policy) backend - Support for connecting to HTTP proxy over HTTPS - Improved...

10 CVSS, 7.9 AI score, 0.05811 EPSS
Exploits: 1, References: 37

NVD
added 2014/10/29 2:55 p.m., 19 views

CVE-2014-8531

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors...

6.5 CVSS, 7.3 AI score, 0.01921 EPSS
Exploits: 0, References: 3

Prion
added 2014/10/29 2:55 p.m., 17 views

Code injection

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors...

6.5 CVSS, 7.8 AI score, 0.01921 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2014/10/29 2:00 p.m., 25 views

CVE-2014-8531

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors...

7.3 AI score, 0.01921 EPSS
Exploits: 0, References: 3

CVE
added 2014/10/29 2:00 p.m., 43 views

CVE-2014-8531

The CVE-2014-8531 entry concerns McAfee Network Data Loss Prevention (NDLP) TLS/SSL Server prior to version 9.3. The issue is that the TLS/SSL Server uses weak cipher algorithms, enabling remote authenticated users to execute arbitrary code via unspecified vectors. Documents explicitly link the v...

6.5 CVSS, 7.5 AI score, 0.01921 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2014/10/24 12:00 a.m., 4 views

PT-2015-1696

Name of the Vulnerable Software and Affected Versions: TLS protocol versions 1.2 and earlier. Description: The issue concerns a problem with the TLS protocol where a DHE_EXPORT ciphersuite is enabled on a server but not on a client, allowing man-in-the-middle attackers to conduct cipher-downgrade...

4.3 CVSS, 6.2 AI score, 0.9986 EPSS
Exploits: 1

Tenable Nessus
added 2014/10/22 12:00 a.m., 77 views

Asterisk Information Disclosure (AST-2014-011) (POODLE)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by an error related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacke...

4.3 CVSS, 6.5 AI score, 0.99999 EPSS
Exploits: 7, References: 8

Tenable Nessus
added 2014/10/17 12:00 a.m., 63 views

Oracle Linux 5 : openssl (ELSA-2014-1653) (POODLE)

From Red Hat Security Advisory 2014:1653 : Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that...

4.3 CVSS, 6.3 AI score, 0.99999 EPSS
Exploits: 7, References: 2

Tenable Nessus
added 2014/10/17 12:00 a.m., 28 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20141016) (POODLE)

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

4.3 CVSS, 6.3 AI score, 0.99999 EPSS
Exploits: 7, References: 2

CISA
added 2014/10/17 12:00 a.m., 14 views

OpenSSL 3.0 Protocol Vulnerability

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-29...

6.4 AI score
Exploits: 0, References: 1

CERT
added 2014/10/17 12:00 a.m., 129 views

POODLE vulnerability in SSL 3.0

Overview: Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when cipher-block chaining (CBC) mode is used. This is commonly referred to as the "POODLE" (Padding Oracle On Downgraded Legacy Encryption) attack. Description: CWE-327: U...

4.3 CVSS, 4.3 AI score, 0.99999 EPSS
Exploits: 7, References: 4

RedHat Linux
added 2014/10/16 11:12 p.m., 4 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03137 EPSS
Exploits: 0, References: 5

Ubuntu
added 2014/10/16 4:34 p.m., 75 views

USN-2385-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) I...

7.1 CVSS, 7.1 AI score, 0.37072 EPSS
Exploits: 0

OpenVAS
added 2014/10/16 12:00 a.m., 1337 views

SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)

This host is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

4.3 CVSS, 6.7 AI score, 0.99999 EPSS
Exploits: 7, References: 5

Cisco
added 2014/10/15 6:30 p.m., 68 views

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer...

2.6 CVSS, 4.3 AI score, 0.99999 EPSS
Exploits: 7, References: 1

RedHat Linux
added 2014/10/15 1:26 a.m., 4 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03137 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2014/10/10 12:00 a.m., 14 views

F5 Networks BIG-IP : Netscape reuse cipher change bug (SOL10674)

The remote BIG-IP device is missing a patch required by a security advisory. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL10674. The text description of this plugin is (C) F5 Networks...

5.5 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2014/10/03 12:00 a.m., 15 views

Ubuntu 12.04 LTS : openssl update (USN-2367-1)

For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being...

5.5 AI score
Exploits: 0, References: 1

Ubuntu
added 2014/10/02 4:31 p.m., 29 views

USN-2367-1: OpenSSL update

For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being...

5.3 AI score
Exploits: 0, References: 1

OpenVAS
added 2014/09/23 12:00 a.m., 15 views

SSL/TLS: Perfect Forward Secrecy Cipher Suites Missing

The remote service is missing support for SSL/TLS cipher suites supporting Perfect Forward Secrecy. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.5 AI score
Exploits: 0