Download
| Alert*
oval:org.secpod.oval:def:57464
The host is installed with Oracle VM VirtualBox 5.2.x before 5.2.32 or 6.0.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect confidentiality and integrity. oval:org.secpod.oval:def:89003303 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes . oval:org.secpod.oval:def:57439 Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn"t affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS. oval:org.secpod.oval:def:117138 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. oval:org.secpod.oval:def:604413 Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn"t affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS. oval:org.secpod.oval:def:57551 The host is installed with Oracle VM VirtualBox before 5.2.32 or 6.0.x before 6.0.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core. Successful exploitation allows attackers to affect confidentiality and integrity. oval:org.secpod.oval:def:1901614 ChaCha20-Poly1305 with long nonces oval:org.secpod.oval:def:51005 The host is installed with OpenSSL 1.1.0 through 1.1.0j or through 1.1.1b or Oracle VM VirtualBox 5.2.x before 5.2.32 or 6.0.10 and is prone to an information disclosure vulnerability. A flaw is present in the way the ChaCha20-Poly1305 cipher uses reused nonce values. On successful exploitation, an ... oval:org.secpod.oval:def:503412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:1504320 [1.1.1c-2] - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code [1.1.1c-1] - update to the 1.1.1c release [1.1.1b-6] - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode [1.1.1b-5] - Fix small regressions related to the ... oval:org.secpod.oval:def:66494 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:117144 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. |