SUSE: Security Advisory (SUSE-SU-2014:1387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2014:1386-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2014:1524-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV

Summary The server responded with a Handshake to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLSFALLBACKSCSV Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2014-3513, CVE-2014-3567)

Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware. IBM Flex SystemEN6131 40Gb Ethernet / IB6131 40Gb...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Global Console Manager (GCM) and Local Console Manager (LCM) Switches (CVE-2014-3567, CVE-2014-3568)

Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM Global Console Manager GCM and Local Console Manager LCM Switches. IBM Global ConsoleManager GCM and Local Console Manager LCM...

SSL TLS_FALLBACK_SCSV Cipher Suite

This protection detects ssl client requests including TLSFALLBACKSCSV cipher suite...

SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:1386-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

This POODLE Bites: Exploiting The SSL 3.0 Fallback

Introduction SSL 3.0 RFC6101 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 RFC2246, TLS 1.1 RFC4346, and TLS 1.2 RFC5246, many TLS implementations remain backwards­compatible with SSL 3.0 to interoperate with legacy systems ...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:0076-1)

This update fixes the following security issues in MozillaFirefox : - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 bmo1109889, bmo1111737, bmo1026774, bmo1027300, bmo1054538, bmo1067473, bmo1070962, bmo1072130, bmo1072871, bmo1098583 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 - MFSA...

SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:1387-1) (POODLE)

This OpenSSL update fixes the following issues : - Session Ticket Memory Leak CVE-2014-3567 - Build option no-ssl3 is incomplete CVE-2014-3568 - Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Note that Tenable Network Security has extracted the preceding description block direct...

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2014:1512-1) (POODLE)

compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issu...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE)

openssl was updated to fix four security issues. These security issues were fixed : - SRTP Memory Leak CVE-2014-3513. - Session Ticket Memory Leak CVE-2014-3567. - Fixed incomplete no-ssl3 build option CVE-2014-3568. - Add support for TLSFALLBACKSCSV CVE-2014-3566. NOTE: This update alone DOESN'T...

OracleVM 3.3 : nss (OVMSA-2014-0082)

The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Remove unused indentation pseudo patch - require nss util 3.16.2.3 - Restore patch for...

SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)

The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV. CVE-2014-3566 - Information leak in pretty printing functions. CVE-2014-3508 - OCSP bad key DoS...

Scientific Linux Security Update : nss, nss-util, and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64 (20141202) (POODLE)

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

Updated firefox & thunderbird packages fix security vulnerabilities

Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...

openSUSE Security Update : openssl (openSUSE-SU-2014:1426-1) (POODLE)

openSSL was updated to version 1.0.1j to fix four security issues and various other issues. These security issues were fixed : - Fix SRTP Memory Leak CVE-2014-3513 - Session Ticket Memory Leak CVE-2014-3567 - Add SSL 3.0 Fallback protection TLSFALLBACKSCSV CVE-2014-3566 - Build option no-ssl3 is...

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)

This OpenSSL update fixes the following issues : - Session Ticket Memory Leak. CVE-2014-3567 - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)

Multiple vulnerabilities has been discovered and corrected in openssl : OpenSSL has added support for TLSFALLBACKSCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications such as browsers will reconnect using a downgraded protocol ...