475 matches found
openSUSE Security Update : openssl (openSUSE-2016-1130)
This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 - Constant time flag n...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
openssl: Possible integer overflow vulnerabilities in codebase
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...
Security update for openssl (important)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...
SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3087-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3087-1 advisory. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cau...
Debian DSA-3673-1 : openssl - security update
Several vulnerabilities were discovered in OpenSSL : - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-p ointer-arithmetic/ - CVE-2016-2178 Cesar Pereida, Billy...
DSA-3673-2 openssl - regression update
Bulletin has no description...
USN-3087-1: OpenSSL vulnerabilities
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. CVE-2016-6304 Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointe...
PT-2016-3191 · Zlib +9 · Zlib +9
Name of the Vulnerable Software and Affected Versions: zlib version 1.2.8 Description: The issue is caused by improper pointer arithmetic in the inftrees.c component of the zlib library. This could allow a remote attacker to exploit the vulnerability, potentially leading to unspecified impact,...
DSA-3673-1 openssl - security update
Bulletin has no description...
Debian Security Advisory DSA 3673-1 (openssl - security update)
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/CVE-2016-2178 Cesar Pereida, Billy Brumley and...
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMRPLGBLT...
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads MS16-097 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, whi...
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMRPLGBLT, EMRBITBLT, EMRSTRETCHBLT, EMRSTRETCHDIBITS etc. T...
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMRPLGBLT, EMRBITBLT, EMRSTRETCHBLT, EMRSTRETCHDIBITS etc. I...
OpenSSL Multiple Vulnerabilities - 19 (Jun 2016) - Windows
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...
DEBIAN-CVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3srvr....