20 matches found
Oracle: Security Advisory (ELSA-2009-1335)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 : openssl (RHSA-2009:1335)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1335 advisory. - openssl: mimehdrcmp NULL dereference crash CVE-2006-7250 - openssl: ASN1 printing crash CVE-2009-0590 - OpenSSL: DTLS epoch record buffer...
VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02029444 Version: 1 HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS, Denial of Service DoS, Execution of Arbitrary Code,...
Security fix for the ALT Linux 9 package openssl10 version 0.9.8m-alt1
Feb. 26, 2010 Evgeny Sinelnikov 0.9.8m-alt1 - Updated to 0.9.8m with security fixes and improvements, including: + CVE-2009-3245, CVE-2008-1678 + CVE-2009-1377, CVE-2009-1378, CVE-2009-1379 + CVE-2009-1387 closes: 20280 + CVE-2009-4355 closes: 22817, 23037 + patch for Cisco VPN client DTLS...
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8m-alt1
Feb. 26, 2010 Evgeny Sinelnikov 0.9.8m-alt1 - Updated to 0.9.8m with security fixes and improvements, including: + CVE-2009-3245, CVE-2008-1678 + CVE-2009-1377, CVE-2009-1378, CVE-2009-1379 + CVE-2009-1387 closes: 20280 + CVE-2009-4355 closes: 22817, 23037 + patch for Cisco VPN client DTLS...
Security fix for the ALT Linux 8 package openssl10 version 0.9.8m-alt1
Feb. 26, 2010 Evgeny Sinelnikov 0.9.8m-alt1 - Updated to 0.9.8m with security fixes and improvements, including: + CVE-2009-3245, CVE-2008-1678 + CVE-2009-1377, CVE-2009-1378, CVE-2009-1379 + CVE-2009-1387 closes: 20280 + CVE-2009-4355 closes: 22817, 23037 + patch for Cisco VPN client DTLS...
Security fix for the ALT Linux 6 package openssl10 version 0.9.8m-alt1
Feb. 26, 2010 Evgeny Sinelnikov 0.9.8m-alt1 - Updated to 0.9.8m with security fixes and improvements, including: + CVE-2009-3245, CVE-2008-1678 + CVE-2009-1377, CVE-2009-1378, CVE-2009-1379 + CVE-2009-1387 closes: 20280 + CVE-2009-4355 closes: 22817, 23037 + patch for Cisco VPN client DTLS...
Gentoo Security Advisory GLSA 200912-01 (openssl)
The remote host is missing updates announced in advisory GLSA 200912-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
SLES11: Security update for OpenSSL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: libopenssl098 openssl openssl-doc More details may also be found by searching for the SuSE Enterprise Server 11 patch database linked in the references...
Mandrake Security Advisory MDVSA-2009:238 (openssl)
The remote host is missing an update to openssl announced via advisory MDVSA-2009:238. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
SuSE 11 Security Update : OpenSSL (SAT Patch Number 990)
OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...
CentOS Security Advisory CESA-2009:1335 (openssl)
The remote host is missing updates to openssl announced in advisory CESA-2009:1335. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
DSA-1888-1 openssl - cryptographic weakness
Bulletin has no description...
openSUSE Security Update : libopenssl-devel (libopenssl-devel-974)
OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerabilities (USN-792-1)
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. CVE-2009-1377 It was discovered that...
OpenSSL dtls1_retrieve_buffered_fragment()函数握手消息拒绝服务漏洞
BUGTRAQ ID: 35417 CVECAN ID: CVE-2009-1387 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 OpenSSL在接收到带有非预期序列号的握手消息时会将其传送给dtls1processoutofseqmessage函数。如果序列号低于预期值,这个函数会丢弃数据;如果为之后的消息,函数会缓冲数据。在丢弃数据时,消息碎片长度保持为0,说明没有缓冲任何数据。由于检查长度所用的错误if条件,有时会缓冲没有数据但长度为丢弃消息长度的碎片,之后在进行处理的时候会导致总线错误。 OpenSSL 0.9.x...
openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6291)
OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2009-1387
The dtls1retrievebufferedfragment function in ssl/d1both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence DTLS handshake message, related to a "fragment bug."...
CVE-2009-1387
CVE-2009-1387 affects the OpenSSL DTLS implementation. The vulnerability resides in the function dtls1_retrieve_buffered_fragment (ssl/d1_both.c) in OpenSSL before 1.0.0 Beta 2, where an out-of-sequence DTLS handshake message can trigger a NULL pointer dereference and daemon crash, i.e., a denial...