Mageia: Security Advisory (MGASA-2017-0390)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-3733

It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client...

Security Bulletin: Open Source OpenSSL Vulnerabilities in IBM Network Advisor

Summary Open Source OpenSSL Vulnerabilities in IBM Network Advisor CVE-2017-3733. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3733 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not...

Security Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2017-3733)

Summary IBM Initiate Master Data Service is vulnerable to an OpenSSL denial of service attack and could cause the application to crash. Vulnerability Details CVEID: CVE-2017-3733 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the...

Oracle VirtualBox Security Updates (oct2017-3236626) 01 - Linux

Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...

Oracle VirtualBox Security Updates (oct2017-3236626) 01 - Windows

Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...

CVE-2017-3733 Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

CVE-2017-3733

CVE-2017-3733 describes a denial-of-service crash in OpenSSL 1.1.0 before 1.1.0e during a renegotiation handshake when the Encrypt-Then-MAC extension is (mis)negotiated between the original and renegotiated handshakes. The issue affects both clients and servers. Connected documents reiterate the ...

OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service (CVE-2017-3733)

A denial of service vulnerability has been reported in OpenSSL. This vulnerability is due to improper handling of the Encrypt-Then-Mac extension during renegotiation. A remote attacker could exploit this vulnerability in an OpenSSL client or server application by sending crafted packets during...

OpenSSL 1.1.0 < 1.1.0e Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.0e. It is, therefore, affected by a vulnerability as referenced in the 1.1.0e advisory. - During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa...

OpenSSL Update Fixes High Severity DoS Vulnerability

The OpenSSL Software Foundation released an update to the OpenSSL crypto library that patches a vulnerability rated high severity that could allow a remote attacker to cause a denial-of-service condition. OpenSSL released the version 1.1.0e update that fixes flaws found in OpenSSL 1.1.0, accordin...

FreeBSD : openssl -- crash on handshake (1a802ba9-f444-11e6-9940-b499baebfeaf)

The OpenSSL project reports : Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. This issue...

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple...