Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to execute arbitrary code.
11b7fa8be5a8647cf0d17688095f41e921b6b6c89dda9098b77c88256dcb410fMandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.
f791a9296c8d4400be0291b24e5962d68ebe3bd47ea912792d38fd87a0988fd5Gentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.
0d73f5bba0849e1ddcfad464c93bbf52c3b793bef96268a80458eb993f14cef2Ubuntu Security Notice 534-1 - Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. A remote attacker could send a specially crafted connection request to services using DTLS and execute arbitrary code with the service's privileges. There are no known Ubuntu applications that are currently using DTLS.
a455a8829cdbb892ee170e6094e373948ebc9837f3b4f811e857e42664ff51e7OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
be5afd386f5d7acff019acaf46cdaad89a8b42cc9cee85d1adb2774627f32b42OpenSSL Security Advisory - Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. All versions of 0.9.8 prior to 0.9.8f are affected. Moritz Jodeit found an off-by-one error in SSL_get_shared_ciphers(), a function that should normally only be used for logging or debugging. All releases of 0.9.8 prior to 0.9.8f and all releases of 0.9.7 prior to 0.9.7m are affected.
7bae0080bc32d9ac211c47bda750e58d9bd0e2dedb613a782848c4bfdeb0e420OpenSSL Security Advisory 20071012 - Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected.
af582719a8ae86aed227c762b0680e7b01041c84d523533cf73b52a22ecf4779
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed