Security Bulletin: Vulnerabilities in OpenSSL, including Logjam, affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb...
K16938: OpenSSL vulnerability CVE-2015-1788
Security Advisory Description The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows...
SUSE CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM GPFS V3.5 for Windows (CVE-2015-4000, CVE-2015-1793, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect IBM GPFS V3.5. This includes the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). This also includes the alternate chains certificate forgery vulnerability...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)
Summary The following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below. Vulnerability Details: CVE-ID:...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM® SDK for Node.js™ in IBM Bluemix
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000) which affects IBM SDK for Node.js in IBM Bluemix. Vulnerability Details CVEID: CVE-2015-4000...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Directory Server for AIX/VIOS (CVE-2015-1788)
Summary OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Vulnerability Details...
Security Bulletin: Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V840 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)
Summary There are vulnerabilities in the Open Source OpenSSL version that is used by the IBM® FlashSystem™ V840. An exploit of these vulnerabilities could result in a denial of service. One vulnerability can result in a race condition, the result of which is of unknown impact. Vulnerability Detai...
Security Bulletin: Vulnerability in OpenSSL affects Tivoli Storage FlashCopy Manager Unix and VMware (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Tivoli Storage Manager Unix and VMware are affected as GSKit is used for communication between FCM components. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a deni...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Directory Server (CVE-2015-1788)
Summary OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Vulnerability Details...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Access Manager for Web. IBM Security Access Manager for Web has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-8176 DESCRIPTION: OpenSSL could allow a remo...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)
Summary There are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer...
Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)
Summary SSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters...
HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)
According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure du...
OpenSSL Denial of Service Vulnerability (20150611 - 1) - Windows
OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
OpenSSL Denial of Service Vulnerability (20150611 - 1) - Linux
OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty...
IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 11. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the monitoring and audit features that occurs when handling a specially crafte...
Multiple Security vulnerabilities in AIX OpenSSL
IBM SECURITY ADVISORY First Issued: Wed Jul 15 00:20:05 CDT 2015 | Updated: Wed Aug 12 05:13:23 CDT 2015 | Update: A new ifix for Power8 machines having OpenSSL v1.0.1.514 has been added | Update: "A. FIXES" section. The most recent version of this document is available here:...
SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)
OpenSSL 0.9.8k was updated to fix several security issues : CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an...