Download
| Alert*
oval:org.secpod.oval:def:1600886
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:89044808 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 introduced an \error state\ mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fai ... oval:org.secpod.oval:def:2101940 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:1800624 CVE-2017-3737: Read/write after SSL object in error state. OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:1800308 CVE-2017-3737: Read/write after SSL object in error state; OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:603217 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ... oval:org.secpod.oval:def:603338 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ... oval:org.secpod.oval:def:53292 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... oval:org.secpod.oval:def:1800136 CVE-2017-3737: Read/write after SSL object in error state¶ OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake thenOpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. Th ... oval:org.secpod.oval:def:502273 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:53213 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ... oval:org.secpod.oval:def:204794 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:80318 The host is installed with OpenSSL 1.0.2 through 1.0.2m or 1.1.0 through 1.1.0g and is prone to an information disclosure vulnerability. A flaw is present in the AVX2 Montgomery multiplication procedure, which has overflow bug. Successful exploitation could allow attackers to obtain sensitive privat ... oval:org.secpod.oval:def:51959 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1502170 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703928 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1000609 The remote host is missing a patch 151913-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000608 The remote host is missing a patch 151912-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1800596 CVE-2017-3737: Read/write after SSL object in error state OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This wo ... oval:org.secpod.oval:def:1700029 bn_sqrx8x_internal carry bug on x86_64There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to ... oval:org.secpod.oval:def:1000687 The remote host is missing a patch 151913-12 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000767 The remote host is missing a patch 151912-12 containing a security fix. For more information please visit the reference link. |