HP Security Bulletin HPSBMU03018 - A potential security vulnerability has been identified with HP Software Asset manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
332978aeae4871a3152a70a5202180bdb05e8d1bab52276229dfca74fca337fb
HP Security Bulletin HPSBMU03017 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
eedf0b7a61c757e800c92074f51a4c6d976e18cc6856501acdf52c8e7f2f3e73
HP Security Bulletin HPSBMU03019 - A potential security vulnerability has been identified with HP Software UCMDB Browser and Configuration Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
c477c805172e3484a7c8c365a44202e98084581b278701e1977105ff9030b9fe
HP Security Bulletin HPSBMU02994 2 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
af46d77b342275c81dad243aee72e2543c47821cf6a2716985ee0ca5b3afb9f6
HP Security Bulletin HPSBMU03012 - A potential security vulnerability has been identified with HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
6c05a0c36bd187bdcc660daf592bb50425bc02d0f86c606f509cebeb253e72c9
HP Security Bulletin HPSBMU02995 4 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 4 of this advisory.
33e0d5284e68173cae785275eb350a4a7bf30068e9220a8329d1a7271fef9654
HP Security Bulletin HPSBMU02995 3 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.
86765e24d5fcb7d4170feb34ec2d8d7db6999d8047673df3d2fb46a973590cdb
HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
HP Security Bulletin HPSBGN03010 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
172c320e016b03571bbe375dc655cf8d96104b9638eb6a31af4da51d7f8d2058
HP Security Bulletin HPSBGN03008 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
dc12ff4b97cc7f7bde3e57c9bc930be617618f08358ac5d4132d942d76cef2c1
Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1
HP Security Bulletin HPSBMU02999 - A potential vulnerability exists in HP Autonomy WorkSite Server (on-premises software) running OpenSSL. The vulnerability can be exploited to allow remote disclosure of information. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
2ade1a02b85d543c8f621e8b2e60d0f7b8765b928d4f613aee862c249d6eab42
HP Security Bulletin HPSBST03001 - A potential security vulnerability has been identified with HP XP P9500 Disk Array running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
a4486d1e4a27dcf59435499f16a993dc43c9f57f6e185edd0623b6c166498376
HP Security Bulletin HPSBMU02998 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
929b3f2cd69d6c070b694f99b566bce425a57f971ca91ac7a122afe88f7eb2f4
HP Security Bulletin HPSBMU02997 - A potential security vulnerability has been identified with HP Smart Update Manager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b71fe3a9a964fec200830af320a0bc29198483a1fefecfd84439a07026697de7
HP Security Bulletin HPSBMU02994 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
9136db41f765d29c48c992de49b2c3261c352a943ab68120fe6788760476c093
HP Security Bulletin HPSBMU02995 2 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
72c5dfc53db821c3cd75feadb5e9ec107d6c98de335d787941649d382bc15230
OpenSSL library is used in Ruckus products to implement various security related features. A vulnerability has been discovered in OpenSSL library which may allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. An exploit could disclose portions of memory containing sensitive security material such as passwords and private keys.
e2389dde2b3d98946abd1657f86b8b235aa6c789773e1225b58757349034d256
HP Security Bulletin HPSBMU02995 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
907a6458638d1857cd1328f10a18b99a268dd876115f358b6ff918bc31df9780
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
31b9e2d262b9e491ebcff8fbc73bf9d2aa0d0da21cceb7930e9d99be8d0958ac
Red Hat Security Advisory 2014-0396-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Important: This update is an emergency security fix being provided outside the scope of the published support policy for Red Hat Enterprise Virtualization listed in the References section. In accordance with the support policy for Red Hat Enterprise Virtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will not receive future security updates.
5a76bbf4a3610d00ea8756ca706bb91a0a601cf5a8ce2754e9d6a6368d853e8c
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
8ac230f3902a7f35b6b76d9ad09ffa77ce032177754a06743c1ffa83672c1fcf
This Metasploit module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable.
81d080e43dc83f3e3ee46722a1679f1f403475e40beef0b849082092202ffa5c
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
0154e0117391da9f265ff0a83bcd76a93f62d16f309e587ba789d69c8bbd8009
FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.
66de8322e20a842eb886df05af8ec617a08fa29b761f8d1ec57df62b02a3009b