
31 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3262

Malware in sbrugna...

CVSS 5.3 | AI score 7.1 | EPSS 0.03481
Exploits: 1 | References: 58

OpenVAS
added 2023/03/08 12:0 a.m., 24 views

Debian: Security Advisory (DLA-358-1)

The remote host is missing an update for the Debian...

CVSS 5.3 | AI score 6.8 | EPSS 0.03481
Exploits: 1 | References: 2

RedHat Linux
added 2016/12/15 10:11 p.m., 2 views

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

CVSS 5.3 | AI score 6.8 | EPSS 0.03481
Exploits: 1 | References: 5

Tenable Nessus
added 2016/06/22 12:0 a.m., 243 views

OracleVM 3.2 : openssl (OVMSA-2016-0071)

The remote OracleVM system is missing necessary patches to address critical security updates : - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 John Haxby orabug 21673934 - Backport openssl 08-Jan-2015 security fixes John Haxby orabug 20409893 - f...

CVSS 7.5 | AI score 7.4 | EPSS 0.36537
Exploits: 2 | References: 7

Tenable Nessus
added 2016/05/16 12:0 a.m., 59 views

OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108...

CVSS 10 | AI score 7.8 | EPSS 0.79963
Exploits: 8 | References: 16

Tenable Nessus
added 2016/05/16 12:0 a.m., 59 views

Oracle Linux 6 : openssl (ELSA-2016-0996)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0996 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding...

CVSS 10 | AI score 8 | EPSS 0.79963
Exploits: 8 | References: 8

Oracle linux
added 2016/05/12 12:0 a.m., 57 views

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

CVSS 10 | AI score 1.8 | EPSS 0.79963
Exploits: 8

Oracle linux
added 2016/05/09 12:0 a.m., 90 views

openssl security update

1.0.1e-51.5 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

CVSS 10 | AI score 2 | EPSS 0.79963
Exploits: 8

Tenable Nessus
added 2016/01/22 12:0 a.m., 50 views

AIX OpenSSL Advisory : openssl_advisory15.asc

The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can...

CVSS 7.5 | AI score 6.9 | EPSS 0.54488
Exploits: 1 | References: 6

Tenable Nessus
added 2016/01/22 12:0 a.m., 124 views

Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x86_64 Montgomery squaring...

CVSS 7.5 | AI score 6.9 | EPSS 0.54488
Exploits: 1 | References: 7

OpenVAS
added 2015/12/23 12:0 a.m., 46 views

OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability - Windows

OpenSSL is prone to an information disclosure vulnerability...

CVSS 5.3 | AI score 6.7 | EPSS 0.03481
Exploits: 1 | References: 1

OpenVAS
added 2015/12/23 12:0 a.m., 43 views

OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability - Linux

OpenSSL is prone to an information disclosure vulnerability...

CVSS 5.3 | AI score 6.7 | EPSS 0.03481
Exploits: 1 | References: 1

Tenable Nessus
added 2015/12/17 12:0 a.m., 72 views

SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2015:2275-1)

This update for openssl fixes the following issues : - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TL...

CVSS 5.3 | AI score 6.8 | EPSS 0.03481
Exploits: 1 | References: 5

Tenable Nessus
added 2015/12/15 12:0 a.m., 57 views

Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2617 advisory. - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - rac...

CVSS 7.5 | AI score 7.7 | EPSS 0.92346
Exploits: 3 | References: 4

RedHat Linux
added 2015/12/14 4:23 a.m., 1 views

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

CVSS 5.3 | AI score 6.8 | EPSS 0.03481
Exploits: 1 | References: 5

Ubuntu
added 2015/12/07 12:35 p.m., 117 views

USN-2830-1: OpenSSL vulnerabilities

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10...

CVSS 7.5 | AI score 7.1 | EPSS 0.54488
Exploits: 1

Tenable Nessus
added 2015/12/07 12:0 a.m., 57 views

FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)

OpenSSL project reports : - BN_mod_exp may produce incorrect results on x86_64 CVE-2015-3193 - Certificate verify crash with missing PSS parameter CVE-2015-3194 - X509_ATTRIBUTE memory leak CVE-2015-3195 - Race condition handling PSK identify hint CVE-2015-3196 - Anon DH ServerKeyExchange with 0 p...

CVSS 7.5 | AI score 7.6 | EPSS 0.54488
Exploits: 1 | References: 7

Tenable Nessus
added 2015/12/07 12:0 a.m., 73 views

Debian DSA-3413-1 : openssl - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL...

CVSS 7.5 | AI score 7 | EPSS 0.54488
Exploits: 1 | References: 9

Tenable Nessus
added 2015/12/07 12:0 a.m., 42 views

OpenSSL 1.0.0 < 1.0.0t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0t advisory. - ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client,...

CVSS 5.3 | AI score 6.8 | EPSS 0.07321
Exploits: 1 | References: 5

Tenable Nessus
added 2015/12/07 12:0 a.m., 46 views

OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2e. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2e advisory. - The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, a...

CVSS 7.5 | AI score 6.9 | EPSS 0.54488
Exploits: 1 | References: 9