23 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-7056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-70...
SUSE: Security Advisory (SUSE-SU-2017:0495-1)
The remote host is missing an update for the ...
SUSE: Security Advisory (SUSE-SU-2017:0461-1)
The remote host is missing an update for the ...
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Windows
OpenSSL is prone to an information disclosure vulnerability. CPE = "cpe:/a:openssl:openssl";...
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Linux
OpenSSL is prone to an information disclosure vulnerability. CPE = "cpe:/a:openssl:openssl";...
CVE-2016-7056
CVE-2016-7056 describes a timing attack in OpenSSL 1.0.1u and earlier that could allow a local attacker to recover an ECDSA P-256 private key. The root cause is a timing side-channel during ECDSA signing; no remote/external access requirement is stated in the sources, only local access. Publicly ...
RHEL 7 : JBoss Core Services (RHSA-2017:1413)
An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6 (Important) (RHSA-2017:1414)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1414 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
SUSE-SU-2018:0112-1 Security update for openssl
This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-7056: ECDSA P-256 timing attack key recovery bsc1019334 - CVE-2017-3731: Truncated packet could crash via OOB read bsc1022085 - CVE-2016-8610: remote denial of service in SSL alert handling bsc1005878 -...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
openSUSE Security Update : libressl (openSUSE-2017-561)
This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...
openSUSE Security Update : libressl (openSUSE-2017-560)
This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...
Mac OS X Multiple Vulnerabilities (Security Update 2017-001)
The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the LibreSSL component due to a flaw in the ECDSA implementation that is triggered whe...
SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)
This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of...
SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...
openSUSE Security Update : openssl (openSUSE-2017-255)
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...
openSUSE Security Update : libressl (openSUSE-2017-222)
This update for libressl fixes the following issues : - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys boo1019334
[SECURITY] [DLA 814-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb7u2 CVE ID : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets...
Ubuntu Update Includes OpenSSL Fixes
Ubuntu users are being urged to update their operating systems to address a handful of recently patched OpenSSL vulnerabilities which affect Ubuntu and its derivatives. Developers with Canonical, the company that oversees the Linux distribution, announced the updates on Tuesday, encouraging users...