Download
| Alert*
oval:org.secpod.oval:def:503264
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ... oval:org.secpod.oval:def:49221 The host is installed with OpenSSL 1.1.0 through 1.1.0i, 1.0.2 through 1.0.2p or 1.1.1 and is prone to a timing side channel attack vulnerability. A flaw is present in the DSA algorithm. On successful exploitation, an attacker could use variations in the signing algorithm to recover the private key. oval:org.secpod.oval:def:1000719 The remote host is missing a patch 151912-14 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1504162 [1.0.2k-19.0.1] - Bump release for rebuild. [1.0.2k-19] - close the RSA decryption 9 lives of Bleichenbacher cat timing side channel [1.0.2k-18] - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle - close the RSA decryption One done EM s ... oval:org.secpod.oval:def:51179 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:205268 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ... oval:org.secpod.oval:def:1504320 [1.1.1c-2] - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code [1.1.1c-1] - update to the 1.1.1c release [1.1.1b-6] - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode [1.1.1b-5] - Fix small regressions related to the ... oval:org.secpod.oval:def:89002091 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses . - Add missing timing side channel patch for DSA signature ge ... oval:org.secpod.oval:def:89002524 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses . - Add missing timing side channel patch for DSA signature generati ... oval:org.secpod.oval:def:60338 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:1000665 The remote host is missing a patch 151913-14 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1700120 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key oval:org.secpod.oval:def:2103873 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2 ... oval:org.secpod.oval:def:1600985 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key oval:org.secpod.oval:def:89002192 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses . - CVE-2016-8610: Adjusted current fix and add missing error string ... oval:org.secpod.oval:def:1700270 If an application encounters a fatal protocol error and then calls SSL_shutdown twice then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves d ... oval:org.secpod.oval:def:503412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:89049756 This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation . oval:org.secpod.oval:def:50635 The host is installed with Oracle VM VirtualBox before 5.2.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availability. oval:org.secpod.oval:def:704418 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:66494 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:2105792 Oracle Solaris 11 - ( CVE-2018-1165 ) oval:org.secpod.oval:def:603589 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:53478 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:603582 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:117144 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. oval:org.secpod.oval:def:2105926 Oracle Solaris 11 - ( CVE-2018-12120 ) oval:org.secpod.oval:def:53471 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. |