HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
e61c4c47ea35e2d55864412f5203f99d8a7b3341bdcde1891b49d16f6e840b6b
OpenSSL versions 0.9.8f through 0.9.8m remote denial of service exploit.
d619ba947842d0aec5a867578cea9e2b0780420df00ddb7b8adf844e4c572ed9
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.
11172d56889cc352548682b796e598baf6508870d7731f05c4647b445fbd3c72
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
1b59ceccf86720022917393ba8d2460f6083ecf14b3020ddf7d6270d3d69d8ef
HP Security Bulletin - Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
c857682698953533dc63f2a6dcb131ef084d3854fb472410abd958573610c961
OpenSSL Security Advisory 20100324 - In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL.
3cf5a241a759df02e4d637d7771edfa021c95951c620577159d5cc0dd584eb6a