Oracle Linux 5 : openssl (ELSA-2010-0162)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0162 advisory. - fix CVE-2009-3245 - add missing bnwexpand return checks 570924 - fix CVE-2010-0433 - do not pass NULL princ to krb5ktgetentry which in the RHEL-5 and...

Debian DSA-2141-1 : openssl - SSL/TLS insecure renegotiation protocol design flaw

DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 openssl, DSA 2141-2 nss, DSA 2141-3 apache2, and DSA 2141-4 lighttpd. This page only covers the first part, openssl. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw...

DSA-2141-2 nss - protocol design flaw

Bulletin has no description...

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

------------------------------------------------------------------------ Debian Security Advisory DSA-2141-2 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq -...

[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw

------------------------------------------------------------------------ Debian Security Advisory DSA-2141-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq -...

SuSE 11 Security Update : OpenSSL (SAT Patch Number 2214)

This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as CVE-2009-3555. It also fixes a mishandling of OOM conditions in bnwexpand. CVE-2009-3245 Installation notes This update is provided as RPM packages that can easily be installed onto a running system by...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6944)

This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as CVE-2009-3555. It also fixes a mishandling of OOM conditions in bnwexpand. CVE-2009-3245 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

Ubuntu Update for apache2 vulnerability USN-990-2

Ubuntu Update for Linux kernel vulnerabilities USN-990-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN9902.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for apache2 vulnerability USN-990-2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : apache2 vulnerability (USN-990-2)

USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow...

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openssl vulnerability (USN-990-1)

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the...

USN-990-2: Apache vulnerability

USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow...

Fedora 12 : openssl-1.0.0-4.fc12 (2010-8742)

This update fixes multiple bugs and security issues. It especially adds support for RFC5746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

openSUSE Security Update : libopenssl-devel (libopenssl-devel-2232)

This openssl update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as CVE-2009-3555. It also fixes a mishandling of OOM conditions in bnwexpand CVE-2009-3245. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

openssl security update

0.9.8e-12.6 - fix CVE-2009-3245 - add missing bnwexpand return checks 570924 0.9.8e-12.5 - fix CVE-2010-0433 - do not pass NULL princ to krb5ktgetentry which in the RHEL-5 and newer versions will crash in such case 569774 0.9.8e-12.4 - do not disable SSLv2 in the renegotiation patch - SSLv2 does...

Vulnerability in OpenSSL CVE-2009-3555

Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation...