18 matches found

IBM Security Bulletins
added 2022/09/14 1:37 p.m., 51 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2019-1563. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and...

AI score 4.9, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/11/02 9:6 p.m., 43 views

Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sendin...

CVSS 5.3, AI score 0.9, EPSS 0.02629
Exploits 0, Affected Software 1

OpenVAS
added 2020/09/29 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-2076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.5, EPSS 0.91945
Exploits 0, References 2

IBM Security Bulletins
added 2020/08/28 11:37 p.m., 46 views

Security Bulletin: OpenSSL (Publicly disclosed vulnerability) for IBM b-type switches and directors

Summary Fixes are released for OpenSSL Publicly disclosed vulnerability for IBM b-type switches and directors. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group...

CVSS 4.7, AI score 0.4, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/06/30 5:59 p.m., 27 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563)

Summary IBM Bootable Media Creator (BoMC) has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor usin...

CVSS 4.7, AI score 0.6, EPSS 0.01121
Exploits 0

IBM Security Bulletins
added 2020/05/14 12:4 p.m., 41 views

Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Network Manager

Summary OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...

CVSS 5.3, AI score 0.6, EPSS 0.02629
Exploits 0, Affected Software 1

RedHat Linux
added 2020/04/28 3:52 p.m., 53 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 5.3, AI score 6.5, EPSS 0.02629
Exploits 0, References 13

IBM Security Bulletins
added 2020/04/24 10:48 p.m., 44 views

Security Bulletin: OpenSSL vulnerabilities (CVE-2019-1563, CVE-2019-1547) impacting IBM Aspera High-Speed Transfer Server 3.9.1, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 3.9.1 and earlier

Summary OpenSSL vulnerabilities CVE-2019-1563, CVE-2019-1547 impacting IBM Aspera High-Speed Transfer Server 3.9.1, Aspera High-Speed Transfer Endpoint 3.9.1, Aspera Desktop Client 3.9.1 and earlier. The fix is delivered in IBM Aspera High-Speed Transfer Server 3.9.6, Aspera High-Speed Transfer...

CVSS 4.7, AI score 1.1, EPSS 0.01121
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2020/03/27 2:21 p.m., 34 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions,...

CVSS 4.3, AI score 0.6, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/03/17 5:8 a.m., 41 views

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in...

CVSS 5.3, AI score 0.8, EPSS 0.02629
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/02/13 2:42 p.m., 27 views

Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert

Summary OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION:...

CVSS 5.3, AI score 0.3, EPSS 0.02629
Exploits 0, Affected Software 1

IBM AIX
added 2019/11/26 2:32 p.m., 378 views

There is a vulnerability in OpenSSL used by AIX.

IBM SECURITY ADVISORY First Issued: Tue Nov 26 14:32:29 CST 2019 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory31.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory31.asc...

CVSS 4.7, AI score 6, EPSS 0.01121
Exploits 0

OpenVAS
added 2019/10/03 12:0 a.m., 25 views

Debian: Security Advisory (DSA-4539-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.7, AI score 6.1, EPSS 0.01121
Exploits 0, References 4

Tenable Nessus
added 2019/10/02 12:0 a.m., 51 views

Debian DSA-4539-1 : openssl - security update

Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in th...

CVSS 5.3, AI score 6.4, EPSS 0.02629
Exploits 0, References 7

Tenable Nessus
added 2019/10/02 12:0 a.m., 53 views

Debian DSA-4540-1 : openssl1.0 - security update

Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4540. The text...

CVSS 4.7, AI score 6.3, EPSS 0.01121
Exploits 0, References 5

Cvelist
added 2019/09/10 4:58 p.m., 15 views

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

AI score 5.2, EPSS 0.01121
Exploits 0, References 30

OpenSSL
added 2019/09/10 12:0 a.m., 118 views

Vulnerability in OpenSSL - Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

AI score 5.5, EPSS 0.01121
Exploits 0, Affected Software 1

Prion
added 2015/06/12 7:59 p.m., 28 views

Null pointer dereference

The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS7 blob that uses ASN.1 encoding and lack...

CVSS 5, AI score 6.9, EPSS 0.09615
Exploits 0, References 53, Affected Software 1