what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

CVE-2019-1563

Status Candidate

Overview

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Related Files

Ubuntu Security Notice USN-4504-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida GarcĂ­a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-1968
MD5 | f3b44e23570e906ce90abb2252627ce0
Red Hat Security Advisory 2020-3194-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14404, CVE-2018-18074, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20852, CVE-2018-7263, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11236, CVE-2019-11324, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-13232, CVE-2019-13752, CVE-2019-13753, CVE-2019-14563, CVE-2019-14822, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-15847, CVE-2019-16056, CVE-2019-17451
MD5 | 6d8fedd0c28b95c1f558509bebc3b400
Ubuntu Security Notice USN-4376-2
Posted Jul 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4376-2 - USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garc

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1559, CVE-2019-1563
MD5 | 5ffe6bab9ab65abc32cc3f1b5a2aa54b
Ubuntu Security Notice USN-4376-1
Posted May 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4376-1 - It was discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. Matt Caswell discovered that OpenSSL incorrectly handled the random number generator. This may result in applications that use the fork system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1563
MD5 | f989c11ebb96bde96d6e47a9686c7190
Red Hat Security Advisory 2020-1840-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
MD5 | 26b51d90d086f5e38f0155853de6dc76
Red Hat Security Advisory 2020-1337-01
Posted Apr 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1337-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
MD5 | 75822453dc594258837defc8c3bcd870
Red Hat Security Advisory 2020-1336-01
Posted Apr 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1336-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
MD5 | d8519ed8018bdd04a1887919f9801b00
Gentoo Linux Security Advisory 201911-04
Posted Nov 8, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201911-4 - Multiple information disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2t are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2019-1547, CVE-2019-1563
MD5 | a0cdca0c47e2c6186ebd1d8dcdd89f58
Debian Security Advisory 4539-1
Posted Oct 2, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4539-1 - ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in the event of a fork() syscall was not used by default.

tags | advisory
systems | linux, debian
advisories | CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
MD5 | cc0d2e9f89e952c84d6d63e3bf53a62c
Debian Security Advisory 4540-1
Posted Oct 2, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4540-1 - ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().

tags | advisory
systems | linux, debian
advisories | CVE-2019-1547, CVE-2019-1563
MD5 | 8f79b79b965a527586294186fdd183ba
Slackware Security Advisory - openssl Updates
Posted Sep 12, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-1547, CVE-2019-1563
MD5 | 2f9e3a4d0a52e82bac4c1f57995b0bf9
OpenSSL Toolkit 1.1.1d
Posted Sep 11, 2019
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a fork protection issue. Added a bypass mitigation. Various other updates.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, CVE-2019-1563
MD5 | 3be209000dbc7e1b95bcdf47980a3baa
Asterisk Project Security Advisory - AST-2019-005
Posted Sep 5, 2019
Authored by Gregory Massel | Site asterisk.org

Asterisk Project Security Advisory - When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not. This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present.

tags | advisory
advisories | CVE-2019-15639
MD5 | e0a632f4970b7e79ff0d9a8c7e4d1592
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close