Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.
b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.
483d9d8f7624eaf97e973bf1a873f074836e2faa50411880fd4a74ea047d49c1VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.
be7e78ccb4f20704221fb7366e2271392d4aa26ec0d833801cc6ea984541e69fGentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.
0b7f742d6f45bd21e2f630fffb548c74e417ec802f803d9f557efab7654c51fdMandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.
e2a55a0ddfe0e74375fa35335a37ec3b8f8a492c3c7d3bbcc030dfe764c45c83Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
07593e231df1e5dc0f594139f370e808bd38529d8959b1b5b701f3d15f5be2e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed