Debian Linux Security Advisory 3300-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the "LogJam" vulnerability.
08a75baa6d19215d3d2a5d49d4060518bf5bfaf92d3ae35cc528ef9d223d7ac1
Red Hat Security Advisory 2015-1197-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash.
d8b6ac26b5c98c2a2e05b182e2c52fafecb9fd3251e5d75bdd096181aa90c193
HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
0a328b352df12a13de155069805b9c3849fd9539fffe07ce0faac4caa906a9cf
HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
46ca0e4ca7326b1e4d61eab6973ba780752a3ad6ca99d1c36f9123c65ac14560
Red Hat Security Advisory 2015-1185-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
d3b8c8863bc4c06cd8091e672ddb9d95b2f56a995bbc755e9e1dcdbb20c55d3b
HP Security Bulletin HPSBMU03356 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials (BSAE) running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
0460cfc09f1d91b07bbdaac7eb563a04d8545a18f9bc8815fa251d6e639ca183
Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.
b959832120295fdb5bd555f5691546a5d3d9c082cbb839a74bf11f43345d673f
Debian Linux Security Advisory 3287-1 - Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
8973598b9eab155137f8a27dab1743defaf1d92670002f5b25f202a1b6fea269
FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.
0f31d8be8e851db5b69fa3df18252499edec9d5d973028af8019e2d1dedd741b
OpenSSL Security Advisory 20150611 - When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. Other issues were also addressed.
e259b40e3a90a46bb96aac9b7b13501d043b19e0a29743d79533debfb1a522c2
Red Hat Security Advisory 2015-1072-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
c01a17a54f2c2926f7fea2071ac64192b233b55f38f6fea5b4fae7dab6ec4e44