Download
| Alert*
oval:org.secpod.oval:def:60334
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:2101678 OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the expl ... oval:org.secpod.oval:def:43140 The host is installed with OpenSSL version 1.0.2b to 1.0.2m or Oracle MySQL Server through 5.6.38 or through 5.7.20 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle exceptional conditions. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:1600886 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:89044808 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 introduced an \error state\ mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fai ... oval:org.secpod.oval:def:502273 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:53213 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ... oval:org.secpod.oval:def:204794 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:1800624 CVE-2017-3737: Read/write after SSL object in error state. OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:51959 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1800308 CVE-2017-3737: Read/write after SSL object in error state; OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:603217 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ... oval:org.secpod.oval:def:1502170 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703928 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1000609 The remote host is missing a patch 151913-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000608 The remote host is missing a patch 151912-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1800596 CVE-2017-3737: Read/write after SSL object in error state OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This wo ... oval:org.secpod.oval:def:1700029 bn_sqrx8x_internal carry bug on x86_64There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to ... oval:org.secpod.oval:def:1800136 CVE-2017-3737: Read/write after SSL object in error state¶ OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake thenOpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. Th ... |