HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.
30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4
Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.
a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0
Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.
0a42be4979149e6e258283d7685446461846950dbaf2939b187cc377e0d4ae30
HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.
aae3e2a1d333eb054bbbacfd312875f79f591047aa6e4a71ea420ee9f8f26a54
HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or allow unauthorized access. Revision 1 of this advisory.
35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ff
Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
764aee33222756a8c5691f00ba7d65d359debf2fd22c3e64127636ad640c0504
Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
948de4a34ae026c5dab154c65c77547ef33ef30112240c62df3060016b472f9b
Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
75bc0be12a1079a05666977a741c31a6e9ce2f144a48b721d2d303d494747755
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
e6c1e38ce693c76a337bfee5d7931997488682a149dcc7351a58577e1f17db5b
Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, or protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).
4b5ba9dfa84b23a549dccdd763c181521186cfd1c85de543dddad5497811bba9
Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an EC point format extension, it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes OpenSSL to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force OpenSSL to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version, where these security flaws have been fixed.
0c47d350a43e9ef06283b3a0d86eb7459ba8b68df64c0a7b9834987b823bc450
Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.
03bad2c5caba72992e90e3884ed995a197ef58b33d81447b1b69e27d4faf9d73
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
OpenSSL Security Advisory 20140806 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Other issues were also addressed.
2883e6b93580d6b479ec7deff02c94d30c4e29451dfc7278c3bc66db6f1c6795