Apple Security Advisory 2014-10-20-1 - iOS 8.1 is now available and addresses Bluetooth, insufficient cryptographic protection, and various other vulnerabilities.
2e164f01c6db9964bcf49a31c30cf308c0683a074854438dd1b12a474cb7e60e
Apple Security Advisory 2014-10-16-5 - OS X Server 2.2.5 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
5af3c877f1c0f7d56b5fe70975205827cf0ded076d78c6619f9d8839c352a4e2
Apple Security Advisory 2014-10-16-4 - OS X Server 3.2.2 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
46ba22480de002e7aed6c88a776898ea8e7ee920e853511780e2c3865417a2af
Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
1dbaa2d9e56d6c022558d94920c0f6e967f065a4281ff33a22add0e19be6d2f7
Apple Security Advisory 2014-10-16-2 - Security Update 2014-005 is now available and addresses the SSL 3.0 Poodle bug in OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
0b9d9a49021e62db5c8e59801aa541c3c5172c5054a36da24cf3d99dcb08789a
Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
e17fe6daa6716a8bb996f53f3b9274ff95d249dbc94abe68b17bc7bb23482ad5
Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
be5632a50e45f3cb615e3418c715bac89d088636f75a6a4d5e8803d38f0c311a
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
0cadf5356b8ab0e92a415510de66dc400ae0d423de69ab42a4d1237f20e2785c
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
OpenSSL Security Advisory 20141015 - A flaw in the DTLS SRTP extension parsing code allows an attacker who sends a carefully crafted handshake message to cause OpenSSL to fail to free up to 64k of memory, causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Other issues were also addressed.
7f813dab43819360edd0f61d0861444f45d4c41b0e985a636961e64207acbf57
This security advisory discusses how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.
b2ffe2b23e29fc61a2e99711e7ff799ee26f04addd8cccd1516efb84b8489efe