
2928 matches found

Tenable Nessus
added 2019/03/04 12:0 a.m. | 42 views

FreeBSD : Node.js -- multiple vulnerabilities (b71d7193-3c54-11e9-a3f9-00155d006b02)

Node.js reports : Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...

CVSS 7.5 | AI score 6.6 | EPSS 0.17139
Exploits: 0 | References: 5

Tenable Nessus
added 2019/03/04 12:0 a.m. | 77 views

Debian DLA-1701-1 : openssl security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application...

CVSS 5.9 | AI score 6.2 | EPSS 0.17139
Exploits: 0 | References: 3

ArchLinux
added 2019/03/03 12:0 a.m. | 43 views

[ASA-201903-6] lib32-openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-6 ========================================= Severity: Medium Date : 2019-03-03 CVE-ID : CVE-2019-1559 Package : lib32-openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-918 Summary ======= The package...

CVSS 5.9 | AI score 0.8 | EPSS 0.17139
Exploits: 0 | References: 3

OpenVAS
added 2019/03/03 12:0 a.m. | 85 views

Debian: Security Advisory (DLA-1701-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.7 | EPSS 0.17139
Exploits: 0 | References: 3

ArchLinux
added 2019/03/02 12:0 a.m. | 48 views

[ASA-201903-2] openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-2 ========================================= Severity: Medium Date : 2019-03-02 CVE-ID : CVE-2019-1559 Package : openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-917 Summary ======= The package openssl-1.0 befo...

CVSS 5.9 | AI score 0.8 | EPSS 0.17139
Exploits: 0 | References: 3

Debian
added 2019/03/01 10:55 p.m. | 248 views

[SECURITY] [DLA 1701-1] openssl security update

Package : openssl Version : 1.0.1t-1+deb8u11 CVE ID : CVE-2019-1559 Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive...

CVSS 5.9 | AI score 6.3 | EPSS 0.17139
Exploits: 0

Veracode
added 2019/03/01 1:32 a.m. | 31 views

Padding Oracle Attack

openssl is vulnerable to padding oracle attacks. In the event of a fatal protocol error and SSL_shutdown() is called twice, an attacker is able to perform a padding oracle attack to decrypt data by sending a 0 byte record with invalid padding, causing the application to behave differently due to...

CVSS 5.9 | AI score 6.1 | EPSS 0.17139
Exploits: 0 | References: 41 | Affected Software: 12

Tenable Nessus
added 2019/03/01 12:0 a.m. | 50 views

OpenSSL 1.0.2 < 1.0.2r Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2r. It is, therefore, affected by a vulnerability as referenced in the 1.0.2r advisory. - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) th...

CVSS 5.9 | AI score 6.4 | EPSS 0.17139
Exploits: 0 | References: 4

Tenable Nessus
added 2019/03/01 12:0 a.m. | 34 views

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4400. The text itself is copyright (C) Software in the Public...

CVSS 5.9 | AI score 6.3 | EPSS 0.17139
Exploits: 0 | References: 4

Tenable Nessus
added 2019/02/28 12:0 a.m. | 37 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerability (USN-3899-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3899-1 advisory. Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding...

CVSS 5.9 | AI score 6.5 | EPSS 0.17139
Exploits: 0 | References: 2

FreeBSD
added 2019/02/28 12:0 a.m. | 42 views

Node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...

CVSS 5.9 | AI score 2.1 | EPSS 0.17139
Exploits: 0 | References: 1

OpenVAS
added 2019/02/28 12:0 a.m. | 52 views

Ubuntu: Security Advisory (USN-3899-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.7 | EPSS 0.17139
Exploits: 0 | References: 2

Prion
added 2019/02/27 11:29 p.m. | 38 views

Design/Logic Flaw

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 4.3 | AI score 5.7 | EPSS 0.17139
Exploits: 0 | References: 36 | Affected Software: 53

OSV
added 2019/02/27 11:29 p.m. | 35 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 5.7
Exploits: 0 | References: 36

OSV
added 2019/02/27 11:29 p.m. | 2 views

ALPINE-CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 6.9 | EPSS 0.17139
Exploits: 0 | References: 1

OSV
added 2019/02/27 11:29 p.m. | 1 views

DEBIAN-CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 8.7 | EPSS 0.17139
Exploits: 0 | References: 1

Cvelist
added 2019/02/27 11:0 p.m. | 32 views

CVE-2019-1559 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

AI score 6.2 | EPSS 0.17139
Exploits: 0 | References: 36

CVE
added 2019/02/27 11:0 p.m. | 914 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9 | AI score 6.3 | EPSS 0.17139
Exploits: 0 | References: 36 | Affected Software: 1

Debian CVE
added 2019/02/27 11:0 p.m. | 50 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 6.7 | EPSS 0.17139
Exploits: 0

AlpineLinux
added 2019/02/27 11:0 p.m. | 42 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 | AI score 6.5 | EPSS 0.17139
Exploits: 0