
13 matches found

OSV
added 2026/05/08 10:36 a.m., 2 views

CLSA-2025-1751550314 openssl: Fix of CVE-2024-12797

RFC7250 handshakes with unauthenticated servers don't abort as expected CVE-2024-12797 Resolves: RHEL-76755...

CVSS: 6.3, AI score: 6.9, EPSS: 0.00826
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/04/02 5:38 p.m., 13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL [CVE-2024-12797]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL, caused by a failure to abort TLS/DTLS handshakes in RFC7250 Raw Public Key (RPK) authentication [CVE-2024-12797]. OpenSSL is used by our Speech runtimes. This vulnerability has been addressed. Please...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00826
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/02/12 12:0 a.m., 15 views

Oracle Linux 9 : openssl (ELSA-2025-1330)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1330 advisory. 3.2.2-6.0.1.1 - Enable openssl-fips-provider dependency Orabug: 36504822 - Temporary disable openssl-fips-provider dependency Orabug: 36504822 - Replace upstrea...

CVSS: 6.3, AI score: 7, EPSS: 0.00826
Exploits: 0, References: 2
OpenVAS
added 2025/02/12 12:0 a.m., 8 views

OpenSSL RPKs Vulnerability (20250211) - Windows

OpenSSL is prone to a vulnerability in the RFC7250 Raw Public Keys (RPKs) handshake. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.3, AI score: 6.2, EPSS: 0.00826
Exploits: 0, References: 2
Oracle linux
added 2025/02/12 12:0 a.m., 90 views

openssl security update

3.2.2-6.0.1.1 - Enable openssl-fips-provider dependency Orabug: 36504822 - Temporary disable openssl-fips-provider dependency Orabug: 36504822 - Replace upstream references Orabug: 34340177 1:3.2.2-6.1 - RFC7250 handshakes with unauthenticated servers don't abort as expected CVE-2024-12797...

CVSS: 7.3, AI score: 7.1, EPSS: 0.00826
Exploits: 0
Tenable Nessus
added 2025/02/12 12:0 a.m., 10 views

FreeBSD : OpenSSL -- Man-in-the-Middle vulnerability (a64761a1-e895-11ef-873e-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a64761a1-e895-11ef-873e-8447094a420f advisory. The OpenSSL project reports: RFC7250 handshakes with unauthenticated servers don't abort as expected...

CVSS: 6.3, AI score: 7.1, EPSS: 0.00826
Exploits: 0, References: 3
RedHat Linux
added 2025/02/11 4:50 p.m., 25 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS: 6.3, AI score: 7, EPSS: 0.00826
Exploits: 0, References: 2
Cvelist
added 2025/02/11 3:59 p.m., 16 views

CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

EPSS: 0.00826
Exploits: 0, References: 4
Debian CVE
added 2025/02/11 3:59 p.m., 19 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00826
Exploits: 0
OSV
added 2025/02/11 12:0 a.m., 14 views

ALSA-2025:1330 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) For more...

CVSS: 6.3, AI score: 6.7, EPSS: 0.00826
Exploits: 0, References: 4
AlmaLinux
added 2025/02/11 12:0 a.m., 41 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) For more...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00826
Exploits: 0, References: 4
FreeBSD
added 2025/02/11 12:0 a.m., 10 views

OpenSSL -- Man-in-the-Middle vulnerability

The OpenSSL project reports: RFC7250 handshakes with unauthenticated servers don't abort as expected (High). Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEE...

CVSS: 6.3, AI score: 4.5, EPSS: 0.00826
Exploits: 0, References: 1
UbuntuCve
added 2025/02/11 12:0 a.m., 9 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

CVSS: 6.3, AI score: 7, EPSS: 0.00826
Exploits: 0, References: 3