Gentoo Linux Security Advisory 201408-19 - Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
25cba7cb86e5c00a8edba21108a03562ceee1d3bf37cd0e99baa6eabd8e19dc3
HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
VMware Security Advisory - VMware has addressed a folder traversal vulnerability, an insecure named pipe vulnerability, libpng, and various other bits and pieces.
42fe37cf6697bb1a04612faac0d018560285c356a5e5480bf92552485d44e572
HP Security Bulletin - Potential security vulnerabilities have been identified HP System Management
bad94072ba0de67832d1266e25833ffd96de150db9736aa61c3b1fa67d1c6f2d
HP Security Bulletin - Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).
0797a1c3b43486be060117b3832720006fb08eef29b1802532b5a91390b0e977
HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
fb34fe32681e54ea1b2ae027c31fa571dc9e387af2e91bbce978f3e237b581d4
VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.
dc4dfe67a9b27831f0fffe3d8c6400d518a4c37b965e985d23a76ba126eb8357
Mandriva Linux Security Advisory MDKSA-2006-207 - The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem. BIND uses RSA cryptography as part of its DNSSEC implementation.
04844bb9f90e36eee3500f3a14039e283c71395210931aac5bca624f2996a049
HP Security Bulletin - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access.
d01ed72e038f4f53a275c9627a15cf6a2017e8393e94582bed17e67826d13468
Debian Security Advisory 1174-1 - Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
a706ca8daebe1a20162ca9c0a63080077b01003906a46dfb43df58631c265f21
Debian Security Advisory 1173-1 - Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
3420f65279ac1de55b8db1ac9b60978b8f7fbe7ad94f8340455c188db713dc67
FreeBSD Security Advisory - When verifying a PKCS#1 version 1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes.
b12a2d894db6fb7f3b6c529ad1fe3cac50460ba14815fe9a015f3369107f278f
Mandriva Linux Security Advisory MDKSA-2006-161 - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures where, if an RSA key with a small exponent is used, it could be possible to forge a PKCS #1 version 1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as is any other use of PKCS #1 version 1.5, including software that uses OpenSSL for SSL or TLS.
86907d7bcb3bf538c9b78a910f70dfa76124fc22f9b4a679a734619d66a77555
Ubuntu Security Notice USN-339-1 - Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 version 1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
f353aeb0d2f6e5450daa438299f434f33461047f6023cd7eeb31a4405527fa8e
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
9bbce75d55c03fad47f7ca5e6790facca4b203b28c6c33428d1a471ef73ee622
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
896f7830c1921688f22c6fe4fb3d7b75189cefdd79acca5fb0cad2b599139048
OpenSSL Security Advisory - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures. If an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 version 1.5 signature signed by that key. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. Since there are CAs using exponent 3 in wide use, and PKCS #1 version 1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 version 1.5. This includes software that uses OpenSSL for SSL or TLS. OpenSSL versions up to 0.9.7j and 0.9.8b are affected.
59a33c2a45a20df8da2bc65f9fd698a4d6aa23493f9cf7320628b4071df05671