Download
| Alert*
oval:org.secpod.oval:def:703280
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:52808 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:35813 The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly ensure the use of constant-time operations. Successful exploitation allows local users to easily discover a D ... oval:org.secpod.oval:def:1501604 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. oval:org.secpod.oval:def:204094 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:204093 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:111444 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:37387 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1504092 [1.0.1e-48.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix C ... oval:org.secpod.oval:def:1501583 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1501581 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:51509 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1800659 CVE-2016-2177 CVE-2016-2178 oval:org.secpod.oval:def:38971 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:602621 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:111384 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1600457 It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ... oval:org.secpod.oval:def:89045357 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] Severity: High * OCSP Status Request extension unbounded memory growth Severity: Low * Pointer arithmetic undefined behavior * Constant time flag not preserved in DSA signing * DTLS buffered message Do ... oval:org.secpod.oval:def:501879 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:2100967 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |