23 matches found

IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 35 views

Security Bulletin: Vulnerabilities in OpenSSL, including Logjam, affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module

Summary: OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb...

CVSS 7.5 | AI score 6.7 | EPSS 0.92346
Exploits: 6 | Affected Software: 3
OpenVAS
added 2023/03/08 12:0 a.m. | 32 views

Debian: Security Advisory (DLA-247-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.4 | EPSS 0.92346
Exploits: 1 | References: 2
NVD
added 2022/08/31 6:15 p.m. | 11 views

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVSS 5.9 | EPSS 0.00568
Exploits: 2 | References: 7
Prion
added 2022/08/31 6:15 p.m. | 12 views

Session fixation

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVSS 2.6 | AI score 5.6 | EPSS 0.00568
Exploits: 2 | References: 7 | Affected Software: 1
Tenable Nessus
added 2016/03/24 12:0 a.m. | 876 views

HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities: - A denial of service vulnerability exists when processing an ECParameters structure du...

CVSS 10 | AI score 8.3 | EPSS 0.92346
Exploits: 8 | References: 17
OpenVAS
added 2015/12/01 12:0 a.m. | 43 views

OpenSSL Multiple Vulnerabilities (20150611 - 2) - Windows

OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...

CVSS 7.5 | AI score 8.1 | EPSS 0.12357
Exploits: 0 | References: 5
IBM AIX
added 2015/07/15 12:20 a.m. | 433 views

Multiple Security vulnerabilities in AIX OpenSSL

IBM SECURITY ADVISORY First Issued: Wed Jul 15 00:20:05 CDT 2015 | Updated: Wed Aug 12 05:13:23 CDT 2015 | Update: A new ifix for Power8 machines having OpenSSL v1.0.1.514 has been added | Update: "A. FIXES" section. The most recent version of this document is available here:...

CVSS 7.5 | AI score 6.1 | EPSS 0.92346
Exploits: 7
Tenable Nessus
added 2015/07/07 12:0 a.m. | 37 views

SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)

OpenSSL 0.9.8k was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an...

CVSS 7.5 | AI score 7.1 | EPSS 0.92346
Exploits: 6 | References: 25
Tenable Nessus
added 2015/06/26 12:0 a.m. | 38 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)

This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite...

CVSS 7.5 | AI score 7.2 | EPSS 0.92346
Exploits: 6 | References: 24
OPENSUSE Linux
added 2015/06/25 11:5 a.m. | 48 views

Security update for openssl (important)

openssl was updated to fix six security issues. The following vulnerabilities were fixed: CVE-2015-4000: The Logjam Attack / weakdh.org. Reject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. (boo#931698) CVE-2015-1788: Malformed ECParameters causes...

CVSS 6.8 | AI score 2.2 | EPSS 0.92346
Exploits: 6 | References: 8
Tenable Nessus
added 2015/06/22 12:0 a.m. | 56 views

OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)

CVSS 7.5 | AI score 6.8 | EPSS 0.92346
Exploits: 6 | References: 9
Tenable Nessus
added 2015/06/18 12:0 a.m. | 47 views

Debian DLA-247-1 : openssl security update (Logjam)

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of...

CVSS 7.5 | AI score 7.8 | EPSS 0.92346
Exploits: 1 | References: 8
OSV
added 2015/06/17 2:42 p.m. | 6 views

SUSE-SU-2015:1143-1 Security update for openssl

This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) The Logjam Attack / weakdh.org reject connections with DH parameters shorter than 1024 bits generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) Malformed ECParameters causes infinite loop -...

CVSS 7.5 | AI score 6.2 | EPSS 0.92346
Exploits: 6 | References: 17
OSV
added 2015/06/13 12:0 a.m. | 50 views

DSA-3287-1 openssl - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.7 | EPSS 0.92346
Exploits: 7
Prion
added 2015/06/12 7:59 p.m. | 24 views

Race condition

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 | AI score 7.9 | EPSS 0.10249
Exploits: 0 | References: 50 | Affected Software: 1
ArchLinux
added 2015/06/12 12:0 a.m. | 66 views

openssl: multiple issues

CVE-2015-1788 (denial of service): When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate...

CVSS 6.8 | AI score 1.9 | EPSS 0.92346
Exploits: 6 | References: 7
Tenable Nessus
added 2015/06/12 12:0 a.m. | 66 views

OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1n advisory. - The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...

CVSS 7.5 | AI score 6.6 | EPSS 0.15914
Exploits: 6 | References: 11
Tenable Nessus
added 2015/06/12 12:0 a.m. | 60 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2639-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2639-1 advisory. Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker cou...

CVSS 7.5 | AI score 7.1 | EPSS 0.21559
Exploits: 7 | References: 7
Debian CVE
added 2015/06/12 12:0 a.m. | 48 views

CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 | AI score 8.3 | EPSS 0.10249
Exploits: 0
EUVD
added 2015/06/12 12:0 a.m. | 3 views

EUVD-2015-1917

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 | AI score 8.3 | EPSS 0.10249
Exploits: 0 | References: 57