Download
| Alert*
oval:org.secpod.oval:def:89003185
This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance . - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key . oval:org.secpod.oval:def:63623 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89003405 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance . - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key . oval:org.secpod.oval:def:66805 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: side-channel weak encryption vulnerability * openssl: information disclosure in fork * openssl: informat ... oval:org.secpod.oval:def:89003414 This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key In addition fixed invalid c ... oval:org.secpod.oval:def:64111 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:64112 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:60340 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:65699 openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:67024 openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89050923 This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key oval:org.secpod.oval:def:89050750 This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key oval:org.secpod.oval:def:1000861 The remote host is missing a patch 151913-16 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:117157 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:117130 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1000871 The remote host is missing a patch 151912-16 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:63624 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89000572 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli . - CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key . - ... oval:org.secpod.oval:def:2105359 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have t ... oval:org.secpod.oval:def:705491 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1504181 [1.1.1c-15] - add selftest of the RAND_DRBG implementation [1.1.1c-14] - fix incorrect error return value from FIPS_selftest_dsa - S390x: properly restore SIGILL signal handler [1.1.1c-12] - additional fix for the edk2 build [1.1.1c-9] - disallow use of SHA-1 signatures in TLS in FIPS mode [1.1.1c-8 ... oval:org.secpod.oval:def:59246 The host is installed with Oracle VM VirtualBox 5.2.x before 5.2.34 or 6.0.x before 6.0.14 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect confidentiality. oval:org.secpod.oval:def:1700317 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters . In those cases it is possible that such a group does not have the cofactor present. This can oc ... oval:org.secpod.oval:def:604551 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:604550 Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. oval:org.secpod.oval:def:69912 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:59577 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:59576 Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. oval:org.secpod.oval:def:69520 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: side-channel weak encryption vulnerability * openssl: information disclosure in fork * openssl: informat ... oval:org.secpod.oval:def:1700364 In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted wit ... oval:org.secpod.oval:def:59206 The host is installed with Oracle VM VirtualBox before 5.2.34, prior to 6.0.14 or Oracle MySQL Server through 5.6.46, 5.7.26 or 8.0.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation ... oval:org.secpod.oval:def:58644 The host is installed with OpenSSL 1.1.0 through 1.1.0k, 1.0.2 through 1.0.2s or 1.1.1 through 1.1.1c, Oracle VM VirtualBox before 5.2.34, prior to 6.0.14 or Oracle MySQL Server through 5.6.46, 5.7.26 or 8.0.18and is prone to a ECDSA remote timing attack vulnerability. A flaw is present in the appli ... |