Download
| Alert*
oval:org.secpod.oval:def:87438
The host is installed with OpenSSL 3.0.0 before 3.0.8 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle PKCS7 data verification. Successful exploitation could result in application crash. oval:org.secpod.oval:def:5800144 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName * openssl: read buffer overflow in X.509 certificate ve ... oval:org.secpod.oval:def:707930 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:90229 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:19500051 A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the applica ... oval:org.secpod.oval:def:2107989 Oracle Solaris 11 - ( CVE-2023-0215 ) oval:org.secpod.oval:def:708682 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:2600164 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:507561 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: read buffer overflow in X.509 certificate verification * openssl: timing attack in RSA Decryption impleme ... oval:org.secpod.oval:def:96801 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:124976 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1506446 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ... oval:org.secpod.oval:def:1506461 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed U ... oval:org.secpod.oval:def:125023 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89048223 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address . - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification . - CVE-2023-0217: Fixed NULL pointer dereference valid ... oval:org.secpod.oval:def:3300295 SUSE Security Update: Security update for openssl-3 |