HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.
864bcff09d4a86c839035348112fa45614c1f5e5a95ea128a61d9122002eb2f1
Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.
4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0
HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.
74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);
8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.
30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.
9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33b
HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.
1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017e
HP Security Bulletin HPSBGN03050 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
9842436300db478ec8d27f3b8423dc7d10b75ee1f6ad9db17647d95a1f9ff8a2
HP Security Bulletin HPSBMU03051 2 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 2 of this advisory.
a8b4016c09a06b99a77961252874991fb1d5f4b7f94d12df1115b2d59481596b
HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
b614877919ffd8acdaa97393db4294d3cac0f62dcd1d3c07cbb31e1f020b0139
HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
d2900fe18279864e2d174ab252466414338a67aafa6110a5ff22a7ed7b064f41
HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849
HP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
e545961d2486992ac5cd08c4a4d901c108cc777140b0a87c47be2e344c642f8a
HP Security Bulletin HPSBUX03046 SSRT101590 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 2 of this advisory.
82b711db58c11d9acdbe01d1244f27e7cce6fb0f760c5bd171d01059147203d5
HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.
d75f304dc6572576f762b5741032d4dc9efdd2bc7c88b604e7c4c29467b6abe9
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.
c8a76479616787fe605580247ae03de77e71fa40907ab2828faf37a7315964ee
Debian Linux Security Advisory 2908-1 - Multiple vulnerabilities have been discovered in OpenSSL.
1e1101b8987cc87f8cfb060a6dddc362dd65365e2f6e99e63f005af8b1abfeeb
FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.
66de8322e20a842eb886df05af8ec617a08fa29b761f8d1ec57df62b02a3009b
Mandriva Linux Security Advisory 2014-067 - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
a127887900d2b929726e76323b76e1d45cc581c61d96285182096fdc43b7f4e5
Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
cbd69fa7127b1d2897618471567a32c476868f13b4a86d93ce55cb40cf6bd0f5
Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.
5a052eecc5f9820f2774d8bfc627f2dcb6074aeb700f13c087a5702f55105cee
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
Ubuntu Security Notice 2165-1 - Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. Various other issues were also addressed.
f2b6af710c9e36df9d737d33d189c7c4552996014d2a9d3f94e1a4b698dfa7de