Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida GarcĂa, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
a453c91247c0c8b05f0a70b1a3674ee04e7e21eea70c71f8885d6de34ed4c9a3
Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.
ab12a5414b74ae4ec0875438bd155092413bb637cd1033a63c83f8057805a037
Ubuntu Security Notice 4376-2 - USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garc
5445679b64468007bee163d47a758be2917c993483dd87c18672525db8c01ce2
Ubuntu Security Notice 4376-1 - It was discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. Matt Caswell discovered that OpenSSL incorrectly handled the random number generator. This may result in applications that use the fork system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
e20de866e28c83e8f20de501782e4da4bf3f8fcaa6fcfbdc5b5e842700cd1f27
Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.
179c450f5486128e09d227d463e27144c9b0b365175069306e8100d7c94d5fe9
Red Hat Security Advisory 2020-1337-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Issues addressed include cross site scripting and information leakage vulnerabilities.
f5fa6f7bb5d7a7d309a8775da86642e1bf6dd537d5dd050f80f0f912e8b85506
Red Hat Security Advisory 2020-1336-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Issues addressed include cross site scripting and information leakage vulnerabilities.
5898d1e008b3119bd09596bf525e8c009122f59f9884463cf27a8b718a6c7d0a
Gentoo Linux Security Advisory 201911-4 - Multiple information disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2t are affected.
d0d2808bdb7b5e21d54dc5b11536556321445e4a171cd058a9f69980dbaca635
Debian Linux Security Advisory 4539-1 - ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in the event of a fork() syscall was not used by default.
bfbb11b91e11daa3793311922876b6211bfc3e40e8f82df31993c0acb0429b23
Debian Linux Security Advisory 4540-1 - ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().
f3033555a194c2428e7bd4789ca5524ae13ff89d1b725256de9800a4f91a63ee
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
fe19426b23027a70690a4af7eb2f175ccf43a3c6e29a2239b5251501fe492c0a
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
OpenSSL Security Advisory 20190910 - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. Other issues were also addressed.
9aabd4d3854b3b34e811a20f6d073061497a1f35b60c234fd00725cb1cb66a77