5 matches found
Amazon Linux 2 : openssl (ALAS-2018-1004)
bn_sqrx8x_internal carry bug on x86_64. There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...
Oracle Linux 7 : openssl (ELSA-2018-0998)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0998 advisory. - fix CVE-2017-3737 - incorrect handling of fatal error state - fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus Tenable ha...
[slackware-security] openssl
New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2n-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Read/write after SSL object in error state...
Vulnerability in OpenSSL - Read/write after SSL object in error state
OpenSSL 1.0.2 starting from version 1.0.2b introduced an “error state” mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: Read/write after SSL object in error state CVE-2017-3737 OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediate...