MiracleLinux 3 : openssl-0.9.8e-22.AXS3.1 (AXSA:2012-465:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-465:03 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

OESA-2024-2072 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

SUSE SLES11 Security Update : openssl1 (SUSE-SU-2019:14171-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14171-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...

Security Bulletin: Aspera Web Applications (Faspex, Console, Orchestrator) are affected by OpenSSL Vulnerabilities (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)

Summary Aspera Web Applications Faspex, Console, Orchestrator have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However,...

Low: openssl

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2264)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

Security update for openssl-1_0_0 (moderate)

openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2019:2269-1 Rating: moderate References: 1131291 1150003 1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata ...

openSUSE Security Update : openssl-1_1 (openSUSE-2019-2158)

This update for openssl-11 fixes the following issues : OpenSSL Security Advisory 10 September 2019 - CVE-2019-1547: Added ECGROUPsetgenerator side channel attack avoidance. bsc1150003 - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key bsc1150250 This update...

Information Disclosure

OpenSSL is vulnerable to information disclosure. It is possible because a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key can be recovered using a Bleichenbacher padding oracle attack after an attacker is notified with status of...

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...