Security Bulletin: Vulnerabilities in OpenSSL affect Rational BuildForge (CVE-2015-1792)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by Rational BuildForge. Rational Buildforge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1792 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)

This update of openssl fixes the following security issues : - CVE-2015-4000 bsc931698 - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 bsc934487 - Malformed ECParameters causes infinite...

Vulnerability in OpenSSL - CMS verify infinite loop with unknown hash function

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. Found by Johannes Bauer...