EUVD-2019-10116

Malware in sbrugna...

F5 Networks BIG-IP : OpenSSL vulnerability (K18549143)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.2.1 / 15.0.1.1. It is, therefore, affected by a vulnerability as referenced in the K18549143 advisory. If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, a...

Oracle Linux 7 : openssl (ELSA-2019-2304)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2304 advisory. - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle Tenable has extracted the preceding...

SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14092-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14092-1 advisory. - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSS...

Updated qtbase5 packages fix security vulnerability

QSslSocket incorrectly calls SSLshutdown in OpenSSL mid-handshake causing denial of service in TLS applications CVE-2020-13962 This update provides additionals fixes: - Check that the sizes are even representable when checking if clipping is necessary P300 - Multiply instead of shifting, The...

Denial Of Service (DoS)

qt5 is vulnerable to denial of service. An incorrect call to SSLshutdown during mid-handshake causes a denial of service condition in TLS applications...

RHEL 8 : qt5-qtbase and qt5-qtwebsockets (RHSA-2020:4690)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4690 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt...

Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2019-1559)

Summary A security vulnerability has been disclosed on 26th February 2019 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an...

NewStart CGSL MAIN 4.05 : openssl Vulnerability (NS-SA-2020-0019)

The remote NewStart CGSL host, running version MAIN 4.05, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...

Palo Alto Networks PAN-OS 7.1 < 7.1.25 / 8.0 < 8.0.20 / 8.1 < 8.1.8 / 9.0 < 9.0.2 OpenSSL Vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signin...

Amazon Linux 2 : openssl (ALAS-2019-1362)

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)

The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...

openssl: 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2019:1637-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2019:1608-1)

This update for compat-openssl098 fixes the following issues : CVE-2019-1559: Fix 0-byte record padding oracle via SSLshutdown bsc1127080 Reject invalid EC point coordinates bsc1131291 Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' bsc1117951 Note that Tenable...

SUSE-SU-2019:1553-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2018-0732: Reject excessively large primes in DH key generation bsc1097158 - CVE-2018-0734: Timing vulnerability in DSA signature generation bsc1113652 - CVE-2018-0737: Cache timing vulnerability in RSA Key Generation bsc1089039 -...

SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1362-1)

This update for openssl fixes the following issues : Security issue fixed : CVE-2019-1559: Fixed a 0-byte record padding oracle via SSLshutdown bsc1127080. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

Amazon Linux 2 : openssl (ALAS-2019-1188)

A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.CVE-2018-5407 If an application encounters a fatal protocol error...

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258)

According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receiv...