3 matches found
Security Bulletin: This Power System update is being released to address CVE-2024-2511
Summary The OpenSSL package is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-2511, by upgrading PowerVM and thus addressing the exposur...
Internet Bug Bounty: Unbounded memory growth with session handling in TLSv1.3
Some non-default TLS server configurations were found to cause unbounded memory growth when processing TLSv1.3 sessions. The issue was caused by a problem with the session cache management in certain scenarios involving the SSLOPNOTICKET option. This could lead to a Denial of Service...
AZL-42700 CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...