Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Tivoli Netcool System Service Monitors/Application Service Monitors. Content VULNERABILITY DETAILS: CVE Ids: CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)

Various security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack CVE-2011-4108 - uninitialized SSL 3.0 padding CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures CVE-2011-4577 - SGC restart DoS attack CVE-2011-4619 - invalid GOST parameters DoS atta...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)

Various security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack CVE-2011-4108 - uninitialized SSL 3.0 padding CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures CVE-2011-4577 - SGC restart DoS attack CVE-2011-4619 - invalid GOST parameters DoS atta...

openSUSE Security Update : openssl (openSUSE-2012-52)

openssl was prone to several security issues : - DTLS Plaintext Recovery Attack CVE-2011-4108 - Uninitialized SSL 3.0 Padding CVE-2011-4576 - Malformed RFC 3779 Data Can Cause Assertion Failures CVE-2011-4577 - SGC Restart DoS Attack CVE-2011-4619 - Invalid GOST parameters DoS Attack CVE-2012-002...

Gentoo Security Advisory GLSA 201203-12 (openssl)

The remote host is missing updates announced in advisory GLSA 201203-12. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service daemon crash via crafted data from a TLS client...

CVE-2012-0027

CVE-2012-0027 concerns the GOST ENGINE in OpenSSL prior to 1.0.0f. The flaw allows remote attackers to cause a denial of service (daemon crash) by sending crafted data from a TLS client. Connected documents (IBM advisories) list OpenSSL upgrade paths for affected products (e.g., upgrading to Open...