Download
| Alert*
oval:org.secpod.oval:def:1504859
[1.0.2k-21.0.1] - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] oval:org.secpod.oval:def:69766 The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue. oval:org.secpod.oval:def:1800094 openssl is installed oval:org.secpod.oval:def:1601328 It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. ... oval:org.secpod.oval:def:1601250 An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past.All OpenSSL users should upgrade to these updated packages, which con ... oval:org.secpod.oval:def:201813 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:201859 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:600700 Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it e ... oval:org.secpod.oval:def:202080 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:89003069 This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown - Reject invalid EC point coordinates - Mitigate the quot;The 9 Lives of Bleichenbacher"s CAT: Cache ATtacks on TLS Implementationsquot; attack oval:org.secpod.oval:def:89003185 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance . - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key . oval:org.secpod.oval:def:600621 Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar"s signing certificates can no longer be trusted. ... oval:org.secpod.oval:def:89003291 This update for openssl fixes the following issues: - Reject invalid EC point coordinates This helps openssl using services that do not do this verification on their own. oval:org.secpod.oval:def:89003167 This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher"s CAT: Cache Attacks on TLS Implementations - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a ... oval:org.secpod.oval:def:203124 openssl is installed oval:org.secpod.oval:def:202264 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ... oval:org.secpod.oval:def:202013 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:202011 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:600684 Several weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has lead to Entrust Inc. and Verizon Cybertrust to revoke the CA"s cross-signed certificates. This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this d ... oval:org.secpod.oval:def:202005 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:203456 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ... oval:org.secpod.oval:def:89002919 This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli . Non-security issue fixed: - Fixed a crash in BN_copy . oval:org.secpod.oval:def:57439 Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn"t affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS. oval:org.secpod.oval:def:600187 Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expos ... oval:org.secpod.oval:def:89002872 This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME . oval:org.secpod.oval:def:601186 Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a ... oval:org.secpod.oval:def:601187 Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution is not affected. oval:org.secpod.oval:def:119643 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89003405 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance . - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key . oval:org.secpod.oval:def:89002314 This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack oval:org.secpod.oval:def:506843 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: EDIPARTYNAME NULL pointer de-reference For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:701680 openssl is installed oval:org.secpod.oval:def:89003451 This update for openssl fixes the following issues: - Included the missing cms and pk7 fixes of CVE-2019-1563 . oval:org.secpod.oval:def:701203 openssl: Secure Socket Layer cryptographic library and tools Details: USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending ... oval:org.secpod.oval:def:504740 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: Integer overflow in RSAZ ... oval:org.secpod.oval:def:67972 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: Integer overflow in RSAZ ... oval:org.secpod.oval:def:89045539 This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] oval:org.secpod.oval:def:89045564 This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] oval:org.secpod.oval:def:86352 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Read buffer overruns processing ASN.1 strings For more details about the security issue, including the im ... oval:org.secpod.oval:def:86335 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:2500557 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:122417 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:601256 This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix. The list of services that are checked is not c ... oval:org.secpod.oval:def:601255 A vulnerability has been discovered in OpenSSL"s support for the TLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users are u ... oval:org.secpod.oval:def:400610 This openssl update fixes one security issue: - bnc#872299: Fixed missing bounds checks for heartbeat messages . oval:org.secpod.oval:def:601270 Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-thre ... oval:org.secpod.oval:def:600769 Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue. oval:org.secpod.oval:def:202280 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ... oval:org.secpod.oval:def:203298 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or D ... oval:org.secpod.oval:def:203457 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ... oval:org.secpod.oval:def:203010 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This coul ... oval:org.secpod.oval:def:204279 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ... oval:org.secpod.oval:def:19500014 If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing ser ... oval:org.secpod.oval:def:1503203 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:500308 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:500175 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS ... oval:org.secpod.oval:def:500296 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition flaw has been found in the OpenSSL TLS server extension parsing code, which could affect some multithreaded OpenS ... oval:org.secpod.oval:def:500383 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:500635 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:119219 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1801793 openssl: EDIPARTYNAME NULL pointer de-reference oval:org.secpod.oval:def:118191 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:117130 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1600918 Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ... oval:org.secpod.oval:def:1600169 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. A memory leak flaw was found in the way an Ope ... oval:org.secpod.oval:def:1500761 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ... oval:org.secpod.oval:def:1500771 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ... oval:org.secpod.oval:def:1500437 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1600162 A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Laye ... oval:org.secpod.oval:def:1500355 Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:106293 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:106243 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:106203 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:106317 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:4500034 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:2500372 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:1505356 [1:1.1.1k-5] - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#2005400 oval:org.secpod.oval:def:1505417 [1:1.1.1k-5] - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#2005400 oval:org.secpod.oval:def:1505437 [1.0.2k-23] - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#1996054 oval:org.secpod.oval:def:1505436 [1.0.2k-23.0.1] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2k ... oval:org.secpod.oval:def:1700731 It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial ... oval:org.secpod.oval:def:114224 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:114223 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1901614 ChaCha20-Poly1305 with long nonces oval:org.secpod.oval:def:1505581 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fi ... oval:org.secpod.oval:def:78329 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. oval:org.secpod.oval:def:506836 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:506807 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:506806 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:1601365 A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax ... oval:org.secpod.oval:def:1601366 An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer oval:org.secpod.oval:def:1500102 Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1503739 Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ... oval:org.secpod.oval:def:600964 Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid ... oval:org.secpod.oval:def:700872 openssl: Secure Socket Layer cryptographic library and tools Applications using OpenSSL in certain situations could be made to crash or expose sensitive information. oval:org.secpod.oval:def:1503807 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:600786 Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Te ... oval:org.secpod.oval:def:600782 Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack ... oval:org.secpod.oval:def:1503694 Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503632 Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a de ... oval:org.secpod.oval:def:500803 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ... oval:org.secpod.oval:def:202303 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ... oval:org.secpod.oval:def:202305 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ... oval:org.secpod.oval:def:500752 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ... oval:org.secpod.oval:def:1500085 Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are ava ... oval:org.secpod.oval:def:500754 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ... oval:org.secpod.oval:def:202342 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ... oval:org.secpod.oval:def:202344 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ... oval:org.secpod.oval:def:1503247 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:202572 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ... oval:org.secpod.oval:def:500773 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ... oval:org.secpod.oval:def:202321 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ... oval:org.secpod.oval:def:202325 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ... oval:org.secpod.oval:def:500789 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ... oval:org.secpod.oval:def:501010 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ... oval:org.secpod.oval:def:500176 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revoca ... oval:org.secpod.oval:def:20036 The host is installed with OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k or 1.0.1 before 1.0.1d and is prone to denial of service vulnerability. A flaw is in the application, which does not properly handle an invalid key. Successful exploitation allows remote OCSP servers to cause a denial of service. oval:org.secpod.oval:def:202626 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ... oval:org.secpod.oval:def:1601352 Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrar ... oval:org.secpod.oval:def:600812 It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service oval:org.secpod.oval:def:501220 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or D ... oval:org.secpod.oval:def:1600138 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distingu ... oval:org.secpod.oval:def:1600259 It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding ... oval:org.secpod.oval:def:1600161 Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs "locked" to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs ... oval:org.secpod.oval:def:601802 Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messa ... oval:org.secpod.oval:def:1500684 A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute a ... oval:org.secpod.oval:def:1500688 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:601750 Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service , information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed . Detailed descriptions of the vu ... oval:org.secpod.oval:def:203465 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ... oval:org.secpod.oval:def:203395 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ... oval:org.secpod.oval:def:203399 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ... oval:org.secpod.oval:def:203400 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ... oval:org.secpod.oval:def:501405 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ... oval:org.secpod.oval:def:501427 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ... oval:org.secpod.oval:def:501363 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ... oval:org.secpod.oval:def:501365 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ... oval:org.secpod.oval:def:1600029 A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i ... oval:org.secpod.oval:def:1200139 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1 ... oval:org.secpod.oval:def:1200138 During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA ... oval:org.secpod.oval:def:106825 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:106829 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:501171 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This coul ... oval:org.secpod.oval:def:1501037 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:1501036 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:1800800 CVE-2016-2179 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service by maintaining many crafted DTLS sessions simultaneously, related to d1_lib ... oval:org.secpod.oval:def:1800093 CVE-2016-2179: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service by maintaining many crafted DTLS sessions simultaneously, related to d1_li ... oval:org.secpod.oval:def:203645 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:203644 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:108313 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:203542 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote att ... oval:org.secpod.oval:def:203541 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote att ... oval:org.secpod.oval:def:1500918 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. oval:org.secpod.oval:def:501577 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:601907 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to ... oval:org.secpod.oval:def:602624 It was discovered that the original patch applied for CVE-2016-2182 in DSA-3673-1 was incomplete, causing a regression when parsing certificates. Updated packages are now available to address this problem. oval:org.secpod.oval:def:1800305 The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service via a crafted time-stamp file that is mishandled by the "openssl ts" command.. oval:org.secpod.oval:def:1502323 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1901120 0-byte record padding oracle oval:org.secpod.oval:def:503314 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:2003713 The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communic ... oval:org.secpod.oval:def:69912 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:2004500 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are n ... oval:org.secpod.oval:def:1700317 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters . In those cases it is possible that such a group does not have the cofactor present. This can oc ... oval:org.secpod.oval:def:59577 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:604551 Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ... oval:org.secpod.oval:def:69873 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of servi ... oval:org.secpod.oval:def:1504797 [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] oval:org.secpod.oval:def:2500140 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:69573 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: EDIPARTYNAME NULL pointer de-reference For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:605337 David Benjamin discovered a flaw in the GENERAL_NAME_cmp function which could cause a NULL dereference, resulting in denial of service. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20201208.txt oval:org.secpod.oval:def:69825 David Benjamin discovered a flaw in the GENERAL_NAME_cmp function which could cause a NULL dereference, resulting in denial of service. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20201208.txt oval:org.secpod.oval:def:4501352 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:2500492 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:205899 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:1505246 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1505287 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:67778 The host is installed with Microsoft Visual Studio, OpenSSL 1.0.2 through 1.0.2w, 1.1.1 through 1.1.1h or Oracle MySQL Server through 5.7.32 or 8.0.22 and is prone to a NULL pointer de-reference vulnerability. A flaw is present in the application, which fails to handle an issue in the GENERAL_NAME_c ... oval:org.secpod.oval:def:4501291 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:2500285 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:70840 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:1801877 empty oval:org.secpod.oval:def:507138 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: Signer certificate verification returns inaccurate re ... oval:org.secpod.oval:def:89046431 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89046430 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:2600009 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:89046428 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89046746 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode oval:org.secpod.oval:def:80405 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:81884 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically e ... oval:org.secpod.oval:def:88355 Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. oval:org.secpod.oval:def:93352 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464 David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service. CVE-2023-0465 David Benjamin reported ... oval:org.secpod.oval:def:1501306 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501268 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:602334 Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct colli ... oval:org.secpod.oval:def:1501292 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:501727 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ... oval:org.secpod.oval:def:203798 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:203787 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ... oval:org.secpod.oval:def:501744 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:203809 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:89002405 This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recov ... oval:org.secpod.oval:def:1600875 RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys:OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process c ... oval:org.secpod.oval:def:503264 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ... oval:org.secpod.oval:def:1501771 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205268 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ... oval:org.secpod.oval:def:1501772 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89044816 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] Security issues fixed: - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results - CVE-2017-3731: Truncated packet could crash via OOB read - CVE-2017-37 ... oval:org.secpod.oval:def:205170 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ... oval:org.secpod.oval:def:89002192 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses . - CVE-2016-8610: Adjusted current fix and add missing error string ... oval:org.secpod.oval:def:1800846 CVE-2017-3731: Truncated packet could crash via OOB read If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the cra ... oval:org.secpod.oval:def:602756 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running ... oval:org.secpod.oval:def:112006 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:112007 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:204437 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ... oval:org.secpod.oval:def:204438 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ... oval:org.secpod.oval:def:1700153 A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.If an application encounters a fatal protocol error and then calls SSL_shutdown twice t ... oval:org.secpod.oval:def:48691 This is a flaw in the Intel processor execution engine sharing on SMT (e.g. Hyper-Threading) architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to ru ... oval:org.secpod.oval:def:1700120 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key oval:org.secpod.oval:def:502625 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ... oval:org.secpod.oval:def:1600985 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key oval:org.secpod.oval:def:1600996 A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. If an application encounters a fatal protocol error and then calls SSL_shutdown twice ... oval:org.secpod.oval:def:1600507 An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. A denial of service flaw was found in the way the TLS/SSL protocol defined pro ... oval:org.secpod.oval:def:501978 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ... oval:org.secpod.oval:def:66494 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:1800417 CVE-2017-3731: Truncated packet could crash via OOB read. If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the cr ... oval:org.secpod.oval:def:503412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:97548 [CLSA-2021:1632261785] Fixed CVE-2021-23840 in openssl oval:org.secpod.oval:def:97569 [CLSA-2021:1633442910] Update of openssl oval:org.secpod.oval:def:97610 [CLSA-2022:1647550273] Fixed CVE-2022-0778 in openssl oval:org.secpod.oval:def:97633 [CLSA-2022:1651179831] Fix CVE: CVE-2020-1971 oval:org.secpod.oval:def:97634 [CLSA-2022:1651180462] Fixed CVE-2021-23841 in openssl oval:org.secpod.oval:def:97656 [CLSA-2022:1657817606] Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068 oval:org.secpod.oval:def:89049264 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value oval:org.secpod.oval:def:95067 openssl: Secure Socket Layer cryptographic library and tools Details: USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Linux Mint 20.x LTS. Original advisory OpenSSL could be made to consume resources and cause long delays if it processed certain input ... oval:org.secpod.oval:def:19500367 Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by ... oval:org.secpod.oval:def:1701602 Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check, DH_check_exor EVP_PKEY_param_check to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been ... oval:org.secpod.oval:def:89049150 This update for openssl fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus . oval:org.secpod.oval:def:89049197 This update for openssl fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus . oval:org.secpod.oval:def:19500264 Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notable to ... oval:org.secpod.oval:def:97732 [CLSA-2023:1687268961] openssl: Fix of CVE-2023-2650 oval:org.secpod.oval:def:97727 [CLSA-2023:1683236532] openssl: Fix of 3 CVEs oval:org.secpod.oval:def:87673 A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. This may result in an application crash which could lead to a denial of service. The TLS impl ... oval:org.secpod.oval:def:87670 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ... oval:org.secpod.oval:def:89048483 This update for openssl fixes the following issues: * CVE-2022-4304: Fixed timing Oracle in RSA Decryption . oval:org.secpod.oval:def:87671 A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be c ... oval:org.secpod.oval:def:87672 A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and ... oval:org.secpod.oval:def:87669 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ... oval:org.secpod.oval:def:507661 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption For more details about the security issu ... oval:org.secpod.oval:def:19500113 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, s ... oval:org.secpod.oval:def:1506695 [3.0.7-6.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-6] - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 [1:3.0.7-5] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double f ... oval:org.secpod.oval:def:202091 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ... oval:org.secpod.oval:def:500658 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ... oval:org.secpod.oval:def:201982 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ... oval:org.secpod.oval:def:96485 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:19500484 A bug has been identified in the processing of key and initialisation vector lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cip ... oval:org.secpod.oval:def:1200038 LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange . An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in wh ... oval:org.secpod.oval:def:1501022 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:1501023 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:109274 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:109268 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:203638 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:109202 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:203639 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:109227 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1501059 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ... oval:org.secpod.oval:def:203662 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ... oval:org.secpod.oval:def:501573 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:501585 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ... oval:org.secpod.oval:def:1600397 A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an ... oval:org.secpod.oval:def:1501503 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:110097 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1501379 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:1501381 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:1501380 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:501818 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:501822 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:501829 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:110297 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:110488 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:204130 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:1501454 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:1501463 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ... oval:org.secpod.oval:def:89044635 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed - CVE-2016-8610: A remote denial of service in SSL alert handling was ... oval:org.secpod.oval:def:110255 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1501483 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ... oval:org.secpod.oval:def:501772 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:501773 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:110462 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89045365 This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side c ... oval:org.secpod.oval:def:203850 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:89045356 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the DROWN attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbache ... oval:org.secpod.oval:def:203851 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:602398 Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ... oval:org.secpod.oval:def:38969 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:400661 This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ... oval:org.secpod.oval:def:400786 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ... oval:org.secpod.oval:def:1600367 A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ... oval:org.secpod.oval:def:400742 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a B ... oval:org.secpod.oval:def:203849 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:400727 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ... oval:org.secpod.oval:def:203943 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:203932 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:204175 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ... oval:org.secpod.oval:def:502153 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:203581 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ... oval:org.secpod.oval:def:203574 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ... oval:org.secpod.oval:def:501541 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ... oval:org.secpod.oval:def:501540 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ... oval:org.secpod.oval:def:501555 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ... oval:org.secpod.oval:def:602003 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service. CVE-2015 ... oval:org.secpod.oval:def:108526 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1200089 A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported. A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client ... oval:org.secpod.oval:def:1500983 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ... oval:org.secpod.oval:def:203608 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ... oval:org.secpod.oval:def:1500952 An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. oval:org.secpod.oval:def:1500953 An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. oval:org.secpod.oval:def:500435 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ... oval:org.secpod.oval:def:201760 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ... oval:org.secpod.oval:def:201879 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ... oval:org.secpod.oval:def:201797 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ... oval:org.secpod.oval:def:500412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ... oval:org.secpod.oval:def:201721 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ... oval:org.secpod.oval:def:87675 A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, ... oval:org.secpod.oval:def:87674 A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted ... oval:org.secpod.oval:def:507580 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: timing attack in RSA Decryption implementati ... oval:org.secpod.oval:def:1701140 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ... oval:org.secpod.oval:def:19500051 A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the applica ... oval:org.secpod.oval:def:97711 [CLSA-2023:1676025596] openssl: Fix of 2 CVEs oval:org.secpod.oval:def:610380 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ... oval:org.secpod.oval:def:507561 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: read buffer overflow in X.509 certificate verification * openssl: timing attack in RSA Decryption impleme ... oval:org.secpod.oval:def:1506446 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ... oval:org.secpod.oval:def:89344 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ... oval:org.secpod.oval:def:1506461 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ... oval:org.secpod.oval:def:89048533 This update for openssl fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralNameFixed . * CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF . * CVE-2022-4304: Fixed a timing oracle in RSA decryption . The following non-security bug were fixed: * ... oval:org.secpod.oval:def:89051122 This update for openssl fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service . oval:org.secpod.oval:def:1701962 Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key togenerate an X9.42 DH key may experience long delays. Likewise, applicationsthat use DH_check_pub_key ... oval:org.secpod.oval:def:19500510 Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key togenerate an X9.42 DH key may experience long delays. Likewise, applicationsthat use DH_check_pub_key ... oval:org.secpod.oval:def:1507220 [1:1.1.1k-12] - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series Resolves: RHEL-17696 [1:1.1.1k-11] - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] - ... oval:org.secpod.oval:def:509104 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: openssl: Incorrect cipher key and IV length processing For more details about the security issue, including the impa ... oval:org.secpod.oval:def:98735 openssl: Secure Socket Layer cryptographic library and tools Add implicit rejection in PKCS#1 v1.5 in OpenSSL. oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:5800084 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For m ... oval:org.secpod.oval:def:87130 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 oval:org.secpod.oval:def:89044808 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 introduced an \error state\ mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fai ... oval:org.secpod.oval:def:1500685 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ... oval:org.secpod.oval:def:1800624 CVE-2017-3737: Read/write after SSL object in error state. OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:53471 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:89043975 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key fo ... oval:org.secpod.oval:def:1500594 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions ... oval:org.secpod.oval:def:1200112 A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. A memory leak vulnerability was ... oval:org.secpod.oval:def:1500637 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. oval:org.secpod.oval:def:1501604 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. oval:org.secpod.oval:def:1700093 During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ... oval:org.secpod.oval:def:204094 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:204093 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:1500775 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport ... oval:org.secpod.oval:def:107815 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:107818 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:502273 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:97563 [CLSA-2021:1632262317] Fixed CVEs in openssl: CVE-2021-3712, CVE-2018-0737, CVE-2018-0739, CVE-2018-0732 oval:org.secpod.oval:def:1800720 CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read; If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer over read. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m ... oval:org.secpod.oval:def:113486 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:113480 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1500551 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:89002060 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key fo ... oval:org.secpod.oval:def:1500558 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:89044657 This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 - Out of bounds read+crash in DES_fcrypt - openssl DEFAULT_SUSE cipher ... oval:org.secpod.oval:def:1502342 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502341 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113571 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:204794 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ... oval:org.secpod.oval:def:1501275 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:1501274 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:602621 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:111384 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:203332 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ... oval:org.secpod.oval:def:203336 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ... oval:org.secpod.oval:def:1700029 bn_sqrx8x_internal carry bug on x86_64There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to ... oval:org.secpod.oval:def:111444 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1501583 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1501581 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1600942 During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ... oval:org.secpod.oval:def:107025 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:107028 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1600954 Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ... oval:org.secpod.oval:def:1800292 CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version openssl 1.0.2m, o ... oval:org.secpod.oval:def:1300308 Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handsh ... oval:org.secpod.oval:def:501303 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:501305 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:501306 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:89045357 This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] Severity: High * OCSP Status Request extension unbounded memory growth Severity: Low * Pointer arithmetic undefined behavior * Constant time flag not preserved in DSA signing * DTLS buffered message Do ... oval:org.secpod.oval:def:1600886 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:501726 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:603582 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:603338 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ... oval:org.secpod.oval:def:1800136 CVE-2017-3737: Read/write after SSL object in error state¶ OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake thenOpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. Th ... oval:org.secpod.oval:def:203783 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:203782 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ... oval:org.secpod.oval:def:108338 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1502170 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:501879 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ... oval:org.secpod.oval:def:602296 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL point ... oval:org.secpod.oval:def:108520 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:115169 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:53292 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ... oval:org.secpod.oval:def:53169 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ... oval:org.secpod.oval:def:1800214 A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0but was omitted from OpenSSL 1.0.2i. As a result any attempt to useCRLs in OpenSSL 1.0.2i will crash with a null pointer exception. OpenSSL 1.0.2i users should upgrade to 1.0.2j Reference: oval:org.secpod.oval:def:107332 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1600452 A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enab ... oval:org.secpod.oval:def:109986 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:107326 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1600457 It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ... oval:org.secpod.oval:def:1800596 CVE-2017-3737: Read/write after SSL object in error state OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This wo ... oval:org.secpod.oval:def:603153 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ... oval:org.secpod.oval:def:501321 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:1800544 CVE-2016-2183: SWEET32 Mitigation. SWEET32 oval:org.secpod.oval:def:1800308 CVE-2017-3737: Read/write after SSL object in error state; OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ... oval:org.secpod.oval:def:109800 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:115123 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:36844 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. oval:org.secpod.oval:def:1800659 CVE-2016-2177 CVE-2016-2178 oval:org.secpod.oval:def:1600028 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, b ... oval:org.secpod.oval:def:89049636 This update for openssl-1_1 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unre ... oval:org.secpod.oval:def:1800554 CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ... oval:org.secpod.oval:def:98696 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1702168 Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attackThe package openssl098e is provided purely for binary compatibility with older Amazon Linux versions. It does not receive security updates oval:org.secpod.oval:def:206022 Security Fix: openssl: X.400 address type confusion in X.509 GeneralName For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:708111 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:87668 A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp ca ... oval:org.secpod.oval:def:507585 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName For more details about the security issue, including th ... oval:org.secpod.oval:def:708743 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:507574 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName For more details about the security issue, including th ... oval:org.secpod.oval:def:89048735 This update for openssl fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored . * CVE-2023-0466: Certificate policy check were not enabled . oval:org.secpod.oval:def:89048751 This update for openssl fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored . oval:org.secpod.oval:def:89581 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:91510 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89048522 This update for openssl fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:89048520 This update for openssl fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:91743 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89051573 This update for openssl fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case . oval:org.secpod.oval:def:89051641 This update for openssl fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file . oval:org.secpod.oval:def:98221 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:98767 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:125789 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:125796 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89048914 This update for openssl fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers . oval:org.secpod.oval:def:610588 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464 David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service. CVE-2023-0465 David Benjamin reported ... oval:org.secpod.oval:def:1506618 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 p ... oval:org.secpod.oval:def:19500030 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of co ... oval:org.secpod.oval:def:2600277 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:89048937 This update for openssl fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers . * Update further expiring certificates that affect test cases . oval:org.secpod.oval:def:91512 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:91748 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. |