Download
| Alert*
oval:org.secpod.oval:def:700409
It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. oval:org.secpod.oval:def:200615 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:200522 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:200550 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:200630 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:400091 The OpenSSL certificate checking routines EVP_VerifyFinal can return negative values and 0 on failure. In some places negative values were not checked and considered successful verification. Prior to this update it was possible to bypass the certification chain checks of openssl. This advisory is fo ... oval:org.secpod.oval:def:600349 It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine . For the stable distribution , this problem has been fixed in version 0.9.8c-4etch4 of the openssl pack ... oval:org.secpod.oval:def:102056 The TrustedQSL library is used for generating digitally signed QSO records . This package contains the library and configuration files needed to run TrustedQSL applications. oval:org.secpod.oval:def:202691 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:202772 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:202013 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:202011 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:102285 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate pack ... oval:org.secpod.oval:def:202080 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:202005 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:301229 A vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, whi ... oval:org.secpod.oval:def:200495 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:500635 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:101774 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.mitre.oval:def:7738 It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077). oval:org.secpod.oval:def:102023 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:101885 The TrustedQSL library is used for generating digitally signed QSO records . This package contains the library and configuration files needed to run TrustedQSL applications. oval:org.secpod.oval:def:200288 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:20023 The host is installed with OpenSSL 0.9.8i and earlier and is prone to signature verification vulnerability. A flaw is present in the application, which does not properly check the return value from the EVP_VerifyFinal function. Successful exploitation could allow remote attackers to bypass validatio ... oval:org.secpod.oval:def:101861 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate pack ... oval:org.secpod.oval:def:101675 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:102520 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:400301 This update adds openssl patches since 2007 for: - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 |