Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919OpenSSL Security Advisory 20160503 - This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. Other issues were also addressed.
c1bd7ca386d1c20c2cc9e48468708819814aeb79be8b47c58d08c86485a8125aRed Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1Gentoo Linux Security Advisory 201402-8 - Multiple vulnerabilities have been found in stunnel, the worst of which may cause a Denial of Service condition. Versions less than 4.56-r1 are affected.
31d749575518e8dbefa0e344dea1c1971b5f9d57ef56cd9eca9f080b0a6ae029HP Security Bulletin HPSBMU02874 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 3 of this advisory.
4c70eda32ba12099ad62298acd9d2be2d0eb44814e5ae0c535f3d1fb3f8c8e9cGentoo Linux Security Advisory 201312-3 - Multiple vulnerabilities have been found in OpenSSL allowing remote attackers to determine private keys or cause a Denial of Service. Versions less than 1.0.0i are affected.
380511be6e419bf1f679eb548827eea73dd38dc5884aa3ee7bdc7e4fdf03aa74HP Security Bulletin HPSBMU02874 SSRT101184 2 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 2 of this advisory.
ac65893680b0dc669633fee5e7c520841b4f6a6ede35e7f8e83663e5e2fc4757Gentoo Linux Security Advisory 201310-10 - Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition. Versions less than 1.3.0 are affected.
88a709ef0a86449fa6810d209ac375d4139594cffce4b83ab633a751865add55Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.
6ba59298aa5785b3b0ac181767509f821759a4fbc0ab6e1b3056eb65c22a59a5HP Security Bulletin HPSBUX02909 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
bd3989e7ffbbe4edf07702f6c532013ec639b2e618c84b0b6cbbc46c178961acRed Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afdRSA BSAFE SSL-C version 2.8.7 contains a patch that is designed to help ensure that MAC checking is time invariant in servers in order to mitigate Lucky Thirteen attacks.
3705ff404e79e528a1d4c4f3b3ef61d1564a3c5b98e8c1e65707ec6fa9ccf3b9RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks.
c4c500343555b143f39e0055e4ce990a4e2809cae8e525b10d41140c0a9e374eResearchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS for RSA BSAFE Micro Edition Suite for all versions outside of 4.0.3 and 3.2.5. The Lucky Thirteen attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
63d67971616d756f9a24527aece917f871801037a08e76de35be02323baa702aRed Hat Security Advisory 2013-0855-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
55b5630a6727041a01e8302b074f62792ba7c281270fae1f1d9c4e202e41041cRed Hat Security Advisory 2013-0833-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements.
be31d08c9fe7f87aab712804d7ac09b4cc70f365f6057bdf0d3725e94bc73d3cRed Hat Security Advisory 2013-0823-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
7976d7f92951a88876a7eb7901961e1753ddc3c76e5eae1cb91cb6fd64c17c66Red Hat Security Advisory 2013-0822-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b73c83c3cdb9c589a8c653747142c482009b5367d3fae38dcfb1512ad7a819beRed Hat Security Advisory 2013-0783-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
afb6a79216774e542546dbb1bca6e4909511b67498263b7f0ec7ff8a629222b4Red Hat Security Advisory 2013-0782-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
35e9165726ec8b7730d6c011ad7f011c013f4ed805b28c59be8118a1119d97d9HP Security Bulletin HPSBMU02874 SSRT101184 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 1 of this advisory.
6b8f577467e6e64a94ac9f1285bd24a8e75470238726cda299c3e72a719a8194Mandriva Linux Security Advisory 2013-095 - Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
45b414ad1d7bafe7ea541cbe9a5e727f7af41ca7e2b60153b3a757f05bea9ebeMandriva Linux Security Advisory 2013-052 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues.
45f3e48573ae559cee00727235a6991efe4ffe008121b06d31f87dd310773e8fFreeBSD Security Advisory - A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.
b53bfd66b506dafcb90c6c9516eb9205fffab27069d0f3a35836d94fab93d2fe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed