HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
55b881f2a237e07f9560dcebcf5f78996c72fe03931da60fb9afbd2da087871d
HP Security Bulletin HPSBMU03611 1 - Multiple potential security vulnerabilities have been identified with the Matrix Operating Environment on Windows and Linux that could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Execution of arbitrary code, Cross-site scripting (XSS), Disclosure of Sensitive Information, Code Execution, and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
07f921689053d6bedbb8e1f9fc233c8b5f70902577e1ef3c8ec264ef9e30544e
Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.
7a3af52221713d401a1c4f2c0809a381ca1e1c7cc53f03c7a03efe9fde6277f6
HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58
HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4a
HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
HP Security Bulletin HPSBMU03296 1 - Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow a Denial of Service (DoS). Revision 1 of this advisory.
9513e9f5e721a57f1d75304573ad18b07d6f46d52f0ee772d57b7eadb0a6b5d3
HP Security Bulletin HPSBHF03300 1 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. Other vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) and unauthorized access. Revision 1 of this advisory.
329f0280df00f4c7b48c192f216b6d37cdbb7f6ed711b0b2b33a657122fbae7b
HP Security Bulletin HPSBMU03304 1 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware. Revision 1 of this advisory.
23cb06e0b40a2e6e6cbc8eac69a2687e1b1ecb149c980483c62275e613a41bad
Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
HP Security Bulletin HPSBMU03263 1 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
e9470422791d2a2b95c43579456c672fbc3a4de6806dd7e01f693c18ab61c8c6
HP Security Bulletin HPSBMU03267 1 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5570b2af5b9b8cf9e59116ff814ca6462db2c1e427ac11943e2afd22e6120ee4
HP Security Bulletin HPSBMU03260 1 - A potential security vulnerability has been identified with HP System Management Homepage running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
6626a803ddc8c8264f2c7c8eed5352df1f5b48b242c4246b817c9377a12cc3e0
VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33
HP Security Bulletin HPSBGN03233 1 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
4b877dbe7e357236881b287abc3a3f36c78913bccdc7212120a575f1c5a5650e
Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.
a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
FreeBSD Security Advisory - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE.
1338c6e5d97b6096c8316516c16ede168dd7ee9fb4220f57cfcb0077bbbdbdbe
Red Hat Security Advisory 2014-1692-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
477e81c0daa2c159986f76e111440acbc133e23811a280839718932c86498c2c
Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
be5632a50e45f3cb615e3418c715bac89d088636f75a6a4d5e8803d38f0c311a
Ubuntu Security Notice 2385-1 - It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.
3610dab117a43a7b9293af9e167e8bb4af5e8135c2525ce5ca35b38b19320408
Red Hat Security Advisory 2014-1652-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
1ea510abd5c281438bbcbb59438daf1e162e8b1f81ee81f34c73370873c4fe7d
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
0cadf5356b8ab0e92a415510de66dc400ae0d423de69ab42a4d1237f20e2785c
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3