Download
| Alert*
|
oval:org.secpod.oval:def:506491
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:506376 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:89044082 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044041 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:506477 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:89044039 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044036 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044071 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044074 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:86335 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:86332 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:70385 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89044025 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:78642 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:1601419 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 , but the output ... oval:org.secpod.oval:def:89951 The remote host is missing a patch 151913-19 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:75962 edk2: UEFI firmware for virtual machines Several security issues were fixed in EDK II. oval:org.secpod.oval:def:706153 edk2: UEFI firmware for virtual machines Several security issues were fixed in EDK II. oval:org.secpod.oval:def:89956 The remote host is missing a patch 151912-19 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89043764 This update for nodejs10 fixes the following issues: New upstream LTS version 10.24.0: - CVE-2021-22883: HTTP2 "unknownProtocol" cause Denial of Service by resource exhaustion - CVE-2021-22884: DNS rebinding in --inspect - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate oval:org.secpod.oval:def:2106629 Oracle Solaris 11 - ( CVE-2020-8265 ) oval:org.secpod.oval:def:605442 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of servi ... oval:org.secpod.oval:def:69873 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of servi ... oval:org.secpod.oval:def:69229 The host is installed with OpenSSL 1.0.2 through 1.0.2x or 1.1.1 through 1.1.1i and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to correctly handle calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate. On successful exploitation, an ... oval:org.secpod.oval:def:2500492 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:2106578 Oracle Solaris 11 - ( CVE-2021-23840 ) oval:org.secpod.oval:def:4501352 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:205899 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:1505141 [1.0.2k-22] - fix CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz#1932132, rhbz#1932126 oval:org.secpod.oval:def:1700564 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 , but the output ... oval:org.secpod.oval:def:89049532 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash - Fixed unresolved error codes in FIPS . oval:org.secpod.oval:def:2500363 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. oval:org.secpod.oval:def:76222 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:1505287 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1505163 [1.0.2k-22] - fix CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz#1932132, rhbz#1932126 oval:org.secpod.oval:def:4501326 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:1700549 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than ... oval:org.secpod.oval:def:1505246 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1505167 [1.0.2k-22_fips] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2 ... oval:org.secpod.oval:def:705900 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:97548 [CLSA-2021:1632261785] Fixed CVE-2021-23840 in openssl oval:org.secpod.oval:def:2107810 Oracle Solaris 11 - ( CVE-2022-35256 ) oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... |
