Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49Red Hat Security Advisory 2018-3221-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a denial of service vulnerability.
f834291e7efc55a6d4018d8ba12fd62c80f36b5a912355996aca5eab461c7cffUbuntu Security Notice 3611-2 - USN-3611-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. Various other issues were also addressed.
4094157549f5ec277e8c78c08fe2e3d765a133e392ff0d7a717fc70b007f4eb6Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.
fce3728192f2ad29f4f85aa453b99dae4b60a8dc3c7ceb2e2bc45239433e0b60Apple Security Advisory 2017-12-6-1 - macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address issues in apache, curl, and more.
3918e25736c0918763ac137433051db5b4a68c6701db5e97911b5001522fb8e4Ubuntu Security Notice 3475-1 - It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.
dc6c25451009be5ce9782f82197c75fdc4e6f83d2f796ae27a71f4e114494fe0OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0fOpenSSL Security Advisory 20171102 - There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Other issues were also addressed.
13c8f9e7efe4df4ea9e45017af978e35c3f09aa73ff4826ac18d619f1512c340OpenSSL Security Advisory 20170828 - If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.
bfe693c207e12bf41b62de943a276fa92f260530bb94dfc8fc7787631bc42165
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed