23 matches found
libvirt TLS Certificate Validation Vulnerability
libvirt is a set of free , open source support for the mainstream virtualization tools under Linux C function library . A TLS certificate validation vulnerability exists in Libvirt 2.3.0 and later. The vulnerability is caused by an error in the default configuration "verify-peer=no" passed to QEM...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)
ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...
cert name check ignore OpenSSL
libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and CURLOPTSSLVERIFYHOST. T...