Ubuntu Security Notice 4376-2 - USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garc
5445679b64468007bee163d47a758be2917c993483dd87c18672525db8c01ce2Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.
80f28c1ed396da36a178c6f1d6c7eae27d31ab38180de9357eb6ac5e272131c5Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.
c2a35f03e9c5eeee86dc6f02e3e82b10b06198741a15251e69754785d5ba9c63Red Hat Security Advisory 2019-2471-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. A padding oracle vulnerability has been addressed.
a46f7d2b53bd752084ed25b14868936b2956ed2c38912d31dd0fb687d0d6d2fbRed Hat Security Advisory 2019-2439-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Integer overflow, leaked credential, and padding oracle vulnerabilities were addressed.
cbac1f94d13e509c3c566a15a3b675f1a4bc70820c5f49e848ebabf61c32bc7bRed Hat Security Advisory 2019-2437-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
f40cbaf735073c48fac04cf4f3c79efaa6a492f90523a8288de1eab0cd4f7637Red Hat Security Advisory 2019-2304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Padding oracle and side channel attack vulnerabilities were addressed.
e607a95e5c3d3f0db4cbcf79c09aa6d3c94524dff94789b08b07d50183bf05edGentoo Linux Security Advisory 201903-10 - Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2r are affected.
77f749728ff0ba1057d2f4792d97c1278a4ef4a6d57fe67b15d03cfd253b0d2dDebian Linux Security Advisory 4400-1 - Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.
8b3bd6404f65745161cc6a1873fed7ddf1ec54093e6aa6e4528362789df0c5cdSlackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.
5c1cdf9684c784e3419f4f62d1ea6abbe56bd1569166ff01ede23c6e0f9a6356Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6OpenSSL Security Advisory 20190226 - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
7b85f385cb07ba1c0a0620e5de69b40ca553365965e5ac92f646e4272b637156
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed