Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway

Summary IBM DataPower Gateway has addressed two CVEs relating to SSL: CVE-2019-1559 & CVE-2018-0734 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in...

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258)

According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receiv...

CVE-2019-1559 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...