oval:org.secpod.oval:def:5800144 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: read buffer overflow in X.509 certificate ve ...
oval:org.secpod.oval:def:2600217 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
oval:org.secpod.oval:def:507580 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: timing attack in RSA Decryption implementati ...
oval:org.secpod.oval:def:90229 The host is missing a patch containing security fixes, which affects the following package(s): openssl.base
oval:org.secpod.oval:def:708682 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js.
oval:org.secpod.oval:def:96801 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js.
oval:org.secpod.oval:def:124976 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
oval:org.secpod.oval:def:1506461 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ...
oval:org.secpod.oval:def:89048218 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex. - CVE-2022-4304: F ...
oval:org.secpod.oval:def:2501029 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
oval:org.secpod.oval:def:1506783 [20220126gitbb1bba3d77-4] - edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] - edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] - Resolves: bz#2164531 - Resolves: bz#2164543 - Resolves: bz#2164558 - Resolves: bz#21 ...
oval:org.secpod.oval:def:89048533 This update for openssl fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralNameFixed. * CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF. * CVE-2022-4304: Fixed a timing oracle in RSA decryption. The following non-security bugs were fixed: * ...
oval:org.secpod.oval:def:89948 The remote host is missing a patch 151913-22 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:125023 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
oval:org.secpod.oval:def:1701141 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...
oval:org.secpod.oval:def:89048213 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption.
oval:org.secpod.oval:def:1701140 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...
oval:org.secpod.oval:def:87448 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:89048211 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption.
oval:org.secpod.oval:def:1506546 [1:1.1.1k-9] - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-02 ...
oval:org.secpod.oval:def:3300295 SUSE Security Update: Security update for openssl-3
oval:org.secpod.oval:def:2501065 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
oval:org.secpod.oval:def:89344 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ...
oval:org.secpod.oval:def:2107989 Oracle Solaris 11 - ( CVE-2023-0215 )
oval:org.secpod.oval:def:4501396 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: timing attack in RSA Decryption implementati ...
oval:org.secpod.oval:def:1601638 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...
oval:org.secpod.oval:def:507715 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: timing attack in RSA Decryption implementation * openssl: double free after cal ...
oval:org.secpod.oval:def:3300323 SUSE Security Update: Security update for openssl-1_0_0
oval:org.secpod.oval:def:707930 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:610380 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ...
oval:org.secpod.oval:def:97711 [CLSA-2023:1676025596] openssl: Fix of 2 CVEs
oval:org.secpod.oval:def:507561 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: read buffer overflow in X.509 certificate verification * openssl: timing attack in RSA Decryption impleme ...
oval:org.secpod.oval:def:1506643 [20221207gitfff6d81270b5-9] - edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247] - Resolves: bz#2169247 [20221207gitfff6d81270b5-8] - edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605] - Resolves: bz#2174605 [20221207gitfff6d81270b5-7] - edk2-Revert-Mde ...
oval:org.secpod.oval:def:1506446 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ...
oval:org.secpod.oval:def:125123 EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM.
oval:org.secpod.oval:def:124994 EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM.
oval:org.secpod.oval:def:89048231 This update for openssl1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption.
oval:org.secpod.oval:def:3300339 SUSE Security Update: Security update for openssl-1_1
oval:org.secpod.oval:def:89049075 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. * CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. * CVE-2022-4304: Fixed timing Oracle in RSA Decryption.
oval:org.secpod.oval:def:19500051 A flaw was found in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the applica ...
oval:org.secpod.oval:def:1506490 [1:1.1.1k-9] - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-02 ...
oval:org.secpod.oval:def:2600164 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
oval:org.secpod.oval:def:507659 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escala ...
oval:org.secpod.oval:def:1701798 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...
oval:org.secpod.oval:def:89048227 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption. - testsuite: Update furthe ...
oval:org.secpod.oval:def:89048225 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex. - CVE-2022-4304: F ...
oval:org.secpod.oval:def:89048223 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification. - CVE-2023-0217: Fixed NULL pointer dereference valid ...
oval:org.secpod.oval:def:89048221 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF. - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex. - CVE-2022-4304: F ...
oval:org.secpod.oval:def:89953 The remote host is missing a patch 151912-22 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:2108047 Oracle Solaris 11 - ( CVE-2023-21980 )
oval:org.secpod.oval:def:87434 The host is installed with OpenSSL 1.0.2 before 1.0.2zg, 1.1.1 before 1.1.1t or 3.0.0 before 3.0.8 or Oracle MySQL Server through 5.7.41 or 8.0.32 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle BIO_new_NDEF function. Successful exploitati ...
oval:org.secpod.oval:def:707931 openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:89208 The host is installed with Oracle MySQL Server through 5.7.41 or 8.0.32 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (OpenSSL). Successful exploitation allows attackers to affect Availability.
oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ...