Download
| Alert*
|
oval:org.secpod.oval:def:86478
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network. oval:org.secpod.oval:def:2107913 Oracle Solaris 11 - ( CVE-2022-2097 ) oval:org.secpod.oval:def:89046757 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:89047561 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:707463 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network. oval:org.secpod.oval:def:89046739 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode. oval:org.secpod.oval:def:89046741 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:81883 The host is installed with OpenSSL 1.1.1 through 1.1.1p or 3.0.0 through 3.0.4 and is prone to an information disclosure vulnerability. A flaw is present in the AES OCB mode for 32-bit x86 which fails to properly encrypt the entirety of the data under some circumstances. On successful exploitation, ... oval:org.secpod.oval:def:123190 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. oval:org.secpod.oval:def:123072 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:1701195 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, s ... oval:org.secpod.oval:def:84891 The host is installed with Oracle MySQL Server through 5.7.39 or 8.0.30 or OpenSSL 1.1.1 through 1.1.1p or 3.0.0 through 3.0.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (OpenSSL). Successful exploita ... oval:org.secpod.oval:def:89046746 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode oval:org.secpod.oval:def:123631 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:19500113 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, s ... oval:org.secpod.oval:def:89344 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ... oval:org.secpod.oval:def:610380 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ... oval:org.secpod.oval:def:2107687 Oracle Solaris 11 - ( CVE-2022-32213 ) oval:org.secpod.oval:def:3300766 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:1505892 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... oval:org.secpod.oval:def:3300531 SUSE Security Update: Security update for openssl-1_1 oval:org.secpod.oval:def:2600009 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:4501072 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:708554 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:2500721 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:1505987 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#21158 ... oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:94969 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... oval:org.secpod.oval:def:86652 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:507091 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:507138 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: Signer certificate verification returns inaccurate re ... oval:org.secpod.oval:def:89047815 This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify . - CVE-2022-2097: Fix ... oval:org.secpod.oval:def:89047650 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:1505925 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... |
