openssl
#2008-016 multiple OpenSSL signature verification API misuse
Description:
Several functions inside the OpenSSL library incorrectly check the result
after calling the EVP_VerifyFinal function.
This bug allows a malformed signature to be treated as a good signature
rather than as an error. This issue affects the signature checks on DSA
and ECDSA keys used with SSL/TLS.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-12:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Debian Security Advisory DSA-2125-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
November 22, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
Debian Bug : 603709
CVE Id(s) : CVE-2010-3864
Mandriva Linux Security Advisory MDVSA-2009:310
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:02.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL incorrectly checks for malformed signatures
Category: contrib
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01299773
Version: 2
HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-13
Last Updated: 2007-12-13
Mandriva Linux Security Advisory MDVSA-2008:107
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : May 28, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01945686
Version: 2
HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-25
Last Updated: 2009-12-12
Mandriva Linux Security Advisory MDVSA-2009:238
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : September 21, 2009
Affected: 2008.1, 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2012:007
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : January 16, 2012
Affected: 2011.
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1571-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
May 13, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01299773
Version: 1
HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-12-12
Last Updated: 2007-12-12
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates for openssl, bind, and vim
Issue date: 2009-03-31
Updated on: 2009-03-31 (initial release of advisory)
CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101
CVE-2008-3432 CVE-2008-2712 CVE-2007-2953
CVE-2010-1187 CVE-2010-1436 CVE-2010-1641
CVE-2010-3081
--- Microsoft SQL Express ---
CVE-2008-5416 CVE-2008-0085 CVE-2008-0086
CVE-2008-0107 CVE-2008-0106
--- OpenSSL ---
CVE-2010-0740 CVE-2010-0433
CVE-2010-3864 CVE-2010-2939
--- Oracle (Sun) JRE ---
CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0087 CVE-2010-0088
Mandriva Linux Security Advisory MDVSA-2009:239
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : September 22, 2009
Affected: 2009.1
_______________________________________________________________________
Problem Description:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01945686
Version: 1
HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Debian Security Advisory DSA-1888-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl, openssl097
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2409
===========================================================
Ubuntu Security Notice USN-792-1 June 25, 2009
openssl vulnerabilities
CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386,
CVE-2009-1387
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
===========================================================
Ubuntu Security Notice USN-704-1 January 07, 2009
openssl vulnerability
CVE-2008-5077
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:08.openssl Security Advisory
The FreeBSD Project
Topic: Remotely exploitable crash in OpenSSL
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:10.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
perform any check on the server certificate. It doesn't print any of the usual information about the dh key size and the content
of the server certificate either.
POC:
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 &>./log &
$ weechat-curses ircs://127.0.0.1:6697 # will not check the certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 09, 2011
Bugs: #303739, #308011, #322575, #332027, #345767, #347623,
#354139, #382069
ID: 201110-01
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01203958
Version: 1
HPSBUX02277 SSRT071453 rev.1 - HP-UX Running OpenSSL, Local Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-15
Last Updated: 2007-10-15
Mandriva Linux Security Advisory MDVSA-2012:006
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : January 16, 2012
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: December 01, 2009
Bugs: #270305, #280591, #292022
ID: 200912-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Asterisk installations using cryptographic keys |
| | generated by Debian-based systems may be using a |
| | vulnerable implementation of OpenSSL |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Compromised cryptographic keys |
|--------------------+---------------------------------------------------|
| Susceptibility | Users of RSA for IAX2 authentication and users of |
| | DUNDi |
-----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [12-Oct-2007]
OpenSSL Vulnerabilities
- -----------------------
Vulnerability A
- ---------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Denial of Service
Date: June 23, 2008
Bugs: #223429
ID: 200806-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2010:076-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : April 19, 2010
Affected: 2009.0
_______________________________________________________________________
Problem Description: