
16 matches found

OSV
added 2024/11/15 12:19 p.m. | 1 views

OESA-2024-2386 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...

CVSS 4.3 | AI score 7.4 | EPSS 0.00883
Exploits: 0 | References: 2
Tenable Nessus
added 2024/05/15 12:0 a.m. | 39 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)

The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. - In spring security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be...

CVSS 9.8 | AI score 8.1 | EPSS 0.90224
Exploits: 29 | References: 24
IBM Security Bulletins
added 2020/11/02 9:6 p.m. | 43 views

Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sendin...

CVSS 5.3 | AI score 0.9 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/11/02 9:4 p.m. | 44 views

Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sendin...

CVSS 5.3 | AI score 0.9 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/08/28 11:37 p.m. | 46 views

Security Bulletin: OpenSSL (Publicly disclosed vulnerability) for IBM b-type switches and directors

Summary Fixes are released for OpenSSL Publicly disclosed vulnerability for IBM b-type switches and directors. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group...

CVSS 4.7 | AI score 0.4 | EPSS 0.01121
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 63 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated...

CVSS 5.3 | AI score 0.5 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/06/30 5:59 p.m. | 27 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563)

Summary IBM Bootable Media Creator (BoMC) has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor usin...

CVSS 4.7 | AI score 0.6 | EPSS 0.01121
Exploits: 0
IBM Security Bulletins
added 2020/05/14 12:4 p.m. | 41 views

Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Network Manager

Summary OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...

CVSS 5.3 | AI score 0.6 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/03/17 5:8 a.m. | 41 views

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in...

CVSS 5.3 | AI score 0.8 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2019/12/20 2:47 a.m. | 32 views

Security Bulletin: Multiple vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, and CVE-2019-1563)

Summary OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. Respective security vulnerability details are discussed in the subsequent section. Vulnerability Details This section includes the vulnerability details that affect the Rational Build Forge. CVEI...

CVSS 5.3 | AI score 0.3 | EPSS 0.02629
Exploits: 0 | Affected Software: 1
Oracle Linux
added 2019/11/20 12:0 a.m. | 35 views

openssl security update

1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...

AI score 1.1
Exploits: 0
Tenable Nessus
added 2019/11/08 12:0 a.m. | 67 views

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2216)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

CVSS 4.7 | AI score 6.7 | EPSS 0.01121
Exploits: 0 | References: 4
RedhatCVE
added 2019/11/03 9:38 a.m. | 31 views

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

CVSS 5.5 | AI score 2 | EPSS 0.0026
Exploits: 0 | References: 3
OSV
added 2019/10/06 9:58 a.m. | 4 views

OPENSUSE-SU-2019:2269-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory 10 September 2019 CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fix...

CVSS 4.7 | AI score 5.1 | EPSS 0.01121
Exploits: 0 | References: 6
UbuntuCve
added 2019/09/10 5:15 p.m. | 50 views

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

CVSS 4.7 | AI score 6.8 | EPSS 0.0026
Exploits: 0 | References: 5
CVE
added 2019/09/10 4:58 p.m. | 469 views

CVE-2019-1547

The CVE-2019-1547 entry concerns OpenSSL: constructing an EC group with explicit parameters (not a named curve) can omit the cofactor, causing a fallback to non-side-channel-resistant code paths and potentially full key recovery during ECDSA signatures. The issue does not affect libssl because ex...

CVSS 4.7 | AI score 5.6 | EPSS 0.0026
Exploits: 0 | References: 35 | Affected Software: 1