Download
| Alert*
oval:org.secpod.oval:def:93352
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464 David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service. CVE-2023-0465 David Benjamin reported ... oval:org.secpod.oval:def:93586 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:97727 [CLSA-2023:1683236532] openssl: Fix of 3 CVEs oval:org.secpod.oval:def:1701798 A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ... oval:org.secpod.oval:def:2600277 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:91510 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:125789 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:610588 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464 David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service. CVE-2023-0465 David Benjamin reported ... oval:org.secpod.oval:def:89048611 This update for openssl-1_0_0 fixes the following issues: Security fixes: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . Other fixes: * Fix DH key generation in FIPS mode, add support for constant BN for DH parameters oval:org.secpod.oval:def:89048610 This update for openssl-3 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:89048598 This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... oval:org.secpod.oval:def:91743 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:19500030 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of co ... oval:org.secpod.oval:def:89581 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:91086 The host is installed with Oracle VM VirtualBox 6.1.x before 6.1.46 or 7.0.x before 7.0.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect availability. oval:org.secpod.oval:def:91163 The host is installed with Oracle VM VirtualBox 6.1.x before 6.1.46 or 7.0.x before 7.0.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect availability. oval:org.secpod.oval:def:708111 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89048507 This update for openssl1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:1601718 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of co ... oval:org.secpod.oval:def:507816 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Possible DoS translating ASN.1 object identifiers * openssl: Denial of service by excessive resource usag ... oval:org.secpod.oval:def:89048503 This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored . * CVE-2023-0466: Certificate policy check were not enabled . oval:org.secpod.oval:def:1701338 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of co ... oval:org.secpod.oval:def:89048523 This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:89048589 This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:89048644 This update for openssl-1_0_0 fixes the following issues: Security fixes: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . Other fixes: * Fix DH key generation in FIPS mode, add support for constant BN for DH parameters oval:org.secpod.oval:def:89048522 This update for openssl fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:1506618 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 p ... oval:org.secpod.oval:def:88746 The host is installed with OpenSSL 1.0.2 before 1.0.2zh, 1.1.1 before 1.1.1u, 3.0.0 before 3.0.9 or 3.1.0 before 3.1.1 or Oracle VM VirtualBox 6.1.x before 6.1.46 or 7.0.x before 7.0.10 and is prone to an improper certificate validation vulnerability. A flaw is present in the application, which fail ... oval:org.secpod.oval:def:89048520 This update for openssl fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . oval:org.secpod.oval:def:1701311 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of co ... oval:org.secpod.oval:def:125796 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. |