10 matches found
Mageia: Security Advisory (MGASA-2014-0481)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0185 Updated polarssl & hiawatha packages fix security vulnerabilities
Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...
Updated polarssl & hiawatha packages fix security vulnerabilities
Updated hiawatha package fixes security vulnerabilities: The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was vulnerable to several security issues that had already been fixed in the system polarssl package. These issues were CVE-2014-4911, CVE-2014-8627, CVE-2014-8628, and...
PolarSSL Weak Signature Algorithm Negotiation
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, allowing remote attackers to conduct downgrade attacks. This plugin sends a list of hash algorithms SHA512, SHA384, SHA256, SHA224, SHA1, and MD5 in descending order, and checks if the server selects MD5. TRUSTED...
CVE-2014-8627
CVE-2014-8627 affects PolarSSL 1.3.8 where signature algorithm negotiation is flawed, enabling downgrade-like scenarios via unspecified vectors. Public sources (NVD/NASL/Nessus/OpenVAS) describe downgrad e risk and context; a patch path is to upgrade to newer PolarSSL versions (e.g., 1.3.9) as no...
Fedora 19 : polarssl-1.2.12-1.fc19 (2014-14912)
Update to 1.2.12 - CVE-2014-8628 1159845 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 20 : polarssl-1.2.12-1.fc20 (2014-14898)
Update to 1.2.12 - CVE-2014-8628 1159845 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora Update for polarssl FEDORA-2014-14912
Check the version of polarssl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868511";...
Updated polarssl package fix security vulnerabilities
A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 CVE-2014-8627. Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 CVE-2014-8628...
openSUSE Security Update : polarssl (openSUSE-SU-2014:1457-1)
polarssl was updated to version 1.3.9 to fix two security issues. These security issues were fixed : - Lowest common hash was selected from signaturealgorithms extension in TLS 1.2 CVE-2014-8627. - Remotely-triggerable memory leak when parsing some X.509 certificates CVE-2014-8628. %NASLMINLEVEL...