No Image

USN-2914-1: OpenSSL vulnerabilities

2016-03-02 KENNETH 0

USN-2914-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2914-1 1st March, 2016 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL wasvulnerable to a side-channel attack on modular exponentiation. On certainCPUs, a local attacker could possibly use this issue to recover RSA keys.This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory whenparsing DSA private keys. A remote attacker could use this issue to causeOpenSSL to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-0705) Guido Vranken discovered that OpenSSL incorrectly handled hex digitcalculation in the BN_hex2bn function. A remote attacker [ more… ]

No Image

RHSA-2016:0303-1: Important: openssl security update

2016-03-02 KENNETH 0

RHSA-2016:0303-1: Important: openssl security update Red Hat Enterprise Linux: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800 Source: RHSA-2016:0303-1: Important: openssl security update

No Image

RHSA-2016:0302-1: Important: openssl security update

2016-03-02 KENNETH 0

RHSA-2016:0302-1: Important: openssl security update Red Hat Enterprise Linux: Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-3197, CVE-2016-0797, CVE-2016-0800 Source: RHSA-2016:0302-1: Important: openssl security update

No Image

RHSA-2016:0301-1: Important: openssl security update

2016-03-02 KENNETH 0

RHSA-2016:0301-1: Important: openssl security update Red Hat Enterprise Linux: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800 Source: RHSA-2016:0301-1: Important: openssl security update