Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
16c2056d090785be8a94fc1a5ad4fcf383eef85c7a47bbb4b6f442c4d6911e12
Red Hat Security Advisory 2018-2575-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
23b1e7103f814a2701427f105de8aeeedf3a5b0e15d6ccbb1452af8c7f352335
Red Hat Security Advisory 2018-2568-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
81773aa1b0c169ccfc2ecf36d8c9f4c0317742188a742e2b2301bcb4c9f0dc85
Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
3ae001c838be7fe63f3f17218120c104c0337869b4012d6ba095f9df05b116a8
Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
7e87933107e4717883ce5385c59d3741b7ecc791f11d4f3340888ec72b50870b
Red Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.
3cf3a4008f8603285e63957d08f151b7215154836af4d8dfe0c8ddd59cc6c556
Micro Focus Security Bulletin MFSBGN03804 1 - Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information. Revision 1 of this advisory.
d6f240a9cad2e06c8e0909e3cf693c19d337f32f14bd272746164c071da97dc2
FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.
fd0871f8f44d01650f47267d841a243c6a575b751f8b35d5ec24cc8563298df8
Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.
2868de12def1f5a6465fb81ae04a5637b8d741fa182174ea0276c56a6a11b31d
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
4b83eb4778dd1ad58130c6ca504a220795ceb3f5f3ead2b30a42ef3dbbb5de0b
Ubuntu Security Notice 3181-1 - Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.
57bc2db6d746d9332099eb6b7e11a55d8ecf7dce6e56d672f080cb8e2faff1ab
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0