HP Security Bulletin HPSBMU02752 SSRT100802 - Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). Revision 1 of this advisory.
30bc52b92fd916034415c3776af5aa318ac48908a3cb84ed86e9a8ce99bb8554Red Hat Security Advisory 2011-1409-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
01d987f9abd7ae51e42235e9f23f32301971df3606cf424fa91e6650de6cd06aMandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.
83fe8b76f3683d9eb0fcf02ef6b3ea18f900160bf76d8b38af1184c342723125OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
e361dc2775733fb84de7b5bf7b504778b772869e8f7bfac0b28b935cbf7380f7OpenSSL Security Advisory 20110906 - Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order.
e9da132d7cfdd0e58bfe790f480f808942afb787408b07fb33a003fc57c5a491
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed