300 matches found
Medium: openssl
Issue Overview: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believe...
Oracle Linux 7 : openssl (ELSA-2018-0998)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0998 advisory. - fix CVE-2017-3737 - incorrect handling of fatal error state - fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus Tenable ha...
Debian DSA-4157-1 : openssl - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...
Debian DSA-4065-1 : openssl1.0 - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSLread and SSLwrite while being...
openSUSE: Security Advisory for openssl (openSUSE-SU-2017:3345-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
MGASA-2017-0453 Updated openssl packages fix security vulnerabilities
OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
Security update for openssl (important)
This update for openssl fixes the following issues: - OpenSSL Security Advisory 07 Dec 2017 CVE-2017-3737: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error...
FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9f7a0f39-ddc0-11e7-b5af-a4badb2f4699)
Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being issued after having...
[slackware-security] openssl
New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2n-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Read/write after SSL object in error state...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem Description: Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
ALPINE-CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
CVE-2017-3738 is an overflow bug in the AVX2 Montgomery multiplication used for 1024-bit moduli in OpenSSL. The issue affects x86_64 builds with AVX2 (not ADX) and can, in very unlikely cases, enable private-key recovery on affected architectures. OpenSSL 1.0.2n fixes the flaw; OpenSSL 1.1.0 is n...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-1000229
Integer overflow bug in function minitiffreadinfo of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service...
DEBIAN-CVE-2017-1000229
Integer overflow bug in function minitiffreadinfo of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service...