RHEL 5 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Malformed X.509 IPAdressFamily could cause OOB read CVE-2017-3735 - During key agreement in a TL...

CVE-2018-0732. Client DoS due to large DH parameter.

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2021-2542)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2041-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1420)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries CVE-2018-0495 - openssl: Malicious server can send large prime to...

SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2956-1)

This update for openssl-11 to 1.1.0i fixes the following issues : These security issues were fixed : CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an...

Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030)

Security Fixes : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries CVE-2018-0495 - openssl: Malicious server can send large prime to client during DHE TLS handshake causing the client to hang CVE-2018-0732 - openssl: Handling of crafted recursive ASN.1 structures can cau...

OpenSSL: Denial of service

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description It was discovered that OpenSSL allow malicious servers to send very large primes to a client during DHE...

F5 Networks BIG-IP : OpenSSL vulnerability (K21665601)

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

RHEL 7 : openssl (RHSA-2018:3221)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3221 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Medium: openssl

Issue Overview: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client ha...

openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:2117-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : openssl-1_0_0 (openSUSE-2018-1110)

This update for openssl-100 to 1.0.2p fixes the following issues : These security issues were fixed : - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2018-1306)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client...

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

Security update for openssl-1_1 (moderate)

This update for openssl-11 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a...

openSUSE Security Update : openssl (openSUSE-2018-704)

This update for openssl fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a k...

openSUSE: Security Advisory for openssl (openSUSE-SU-2018:1906-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...