Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
16c2056d090785be8a94fc1a5ad4fcf383eef85c7a47bbb4b6f442c4d6911e12Red Hat Security Advisory 2018-2575-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
23b1e7103f814a2701427f105de8aeeedf3a5b0e15d6ccbb1452af8c7f352335Red Hat Security Advisory 2018-2568-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
81773aa1b0c169ccfc2ecf36d8c9f4c0317742188a742e2b2301bcb4c9f0dc85Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
3ae001c838be7fe63f3f17218120c104c0337869b4012d6ba095f9df05b116a8Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
7e87933107e4717883ce5385c59d3741b7ecc791f11d4f3340888ec72b50870bRed Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.
3cf3a4008f8603285e63957d08f151b7215154836af4d8dfe0c8ddd59cc6c556Micro Focus Security Bulletin MFSBGN03804 1 - Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information. Revision 1 of this advisory.
d6f240a9cad2e06c8e0909e3cf693c19d337f32f14bd272746164c071da97dc2FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.
fd0871f8f44d01650f47267d841a243c6a575b751f8b35d5ec24cc8563298df8Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.
2868de12def1f5a6465fb81ae04a5637b8d741fa182174ea0276c56a6a11b31dSlackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
4b83eb4778dd1ad58130c6ca504a220795ceb3f5f3ead2b30a42ef3dbbb5de0bUbuntu Security Notice 3181-1 - Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.
57bc2db6d746d9332099eb6b7e11a55d8ecf7dce6e56d672f080cb8e2faff1abOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed