Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.
a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbaeHP Security Bulletin HPSBMU02998 4 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
b3fa1d0558fcbc91c2bc9655d1753596f578e24bdc3fbc14379ffefcbeff95b9HP Security Bulletin HPSBMU02998 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
c9685c1be9739974f18aeecc3433961057ad78f3c535bd0a7eebe068b0ba2914HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49Mandriva Linux Security Advisory 2014-007 - The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. The updated packages have been patched to correct this issue.
7a7edc673b8aa4809fa4882410bf5431e74327edd08dae83d3353c992b6391baFreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.
8cfc9cbab96b1b477732894dceb5515843f94bda1957f4f8b56f78b5d7e6a1d7Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
ebc0bf7db2c1373c3cec26d9751559ebf1ff1de1ec43698726547a8808565a5dOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5aUbuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.
e810c2f62369368cb293ec77fdf44a3403252f30e6633f76d3085aec1b4a7d94Debian Linux Security Advisory 2833-1 - was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.
56f45ba1a08e9fe54a9e11c085f0d99ae3cf6d0d984ba08ef5105d675e05005a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed