89 matches found
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...
Code injection
EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...
CVE-2015-0533
EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...
CVE-2015-0533
CVE-2015-0533 concerns EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x prior to 4.0.8 and 4.1.x prior to 4.1.3, and RSA BSAFE SSL-C 2.8.9 and earlier. It allows remote SSL servers to perform an ECDHE-to-ECDH downgrade by omitting the ServerKeyExchange message, potentially harming forward secrecy. T...
CVE-2015-0533
EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...
openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)
libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1...
Amazon Releases S2N TLS Crypto Implementation to Open Source
Amazon today released to open source its own TLS implementation called s2n, which stands for signal to noise. While admittedly not meant to be a replacement for OpenSSL, for example, s2n is a slimmed-down crypto implementation analogous to libssl, the OpenSSL library that supports TLS. Amazon chi...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)
update to Firefox 31.2.0 ESR bnc900941 - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 bmo1001994, bmo1011354, bmo1018916, bmo1020034, bmo1023035, bmo1032208, bmo1033020, bmo1034230, bmo1061214, bmo1061600, bmo1064346, bmo1072044, bmo1072174 Miscellaneous memory safety hazards rv:33.0/rv:31.2 - MFSA...
openssl security update
0.9.8e-32.0.1 - Backport openssl 08-Jan-2015 security fixes John Haxby orabug 20409893 - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1getrecord - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH Client - fix...
F5 Networks BIG-IP : OpenSSL vulnerability (SOL16126)
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. C Tenable Network Security, Inc...
Multiple Security vulnerabilities in AIX OpenSSL
IBM SECURITY ADVISORY First Issued: Wed Feb 4 06:24:41 CST 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory12.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory12.asc...
OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0p. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0p advisory. - Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote...
OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8zd. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8zd advisory. - The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the...
[SECURITY] [DLA 132-1] openssl security update
Package : openssl Version : 0.9.8o-4squeeze19 CVE ID : CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:...
CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
Code injection
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
CVE-2014-3572
OpenSSL OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k is vulnerable to an ECDHE‑to‑ECDH downgrade attack caused by omitting the ServerKeyExchange message, which can trigger loss of forward secrecy. The issue affects multiple platforms (e.g., AIX advisories and other vendor ...