Displaying 20 results from an estimated 30000 matches similar to: "OpenSSL <=0.9.6d vulnerability"
2002 Jul 30
1
OpenSSL Security Advisory [30 July 2002]
Hi,
FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-)
Kind regards,
B. Courtin
--
OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is
an official OpenSSL advisory.
Advisory 1
==========
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are
2008 May 15
0
Impact of the Debian OpenSSL vulnerability
A severe vulnerability was found in the random number generator (RNG)
of the Debian OpenSSL package, starting with version 0.9.8c-1 (and
similar packages in derived distributions such as Ubuntu). While this
bug is not present in the OpenSSL packages provided by CentOS, it may
still affect CentOS users.
The bug barred the OpenSSL random number generator from gaining enough
entropy required for
2014 Apr 08
3
Heartbleed openssl vulnerability?
Do we know if dovecot is vulnerable to the heartbleed SSL problem?
I'm running dovecot-2.0.9 and openssl-1.01, the latter being
intrinsically vulnerable. An on-line tool says that my machine is not
affected on port 993 but it would be nice to know for sure if we were
vulnerable for a while. (Naturally I've blocked it anyway!).
Thanks
John
2015 Mar 31
2
OpenSSL vulnerability fix
just for my curiosity, How can we make sure that its not affected?
Is there any script to check whether its vulnerable or not (as in bash
shell shock vulnerability test)?
On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Centos 5 is not affected by this bug, so fix is not available.
>
> Eero
> 31.3.2015 9.48 ap. kirjoitti "Venkateswara
2012 Apr 19
2
OpenSSL ASN.1 vulnerability: sshd not affected
Hi,
Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
can be exploited to cause a heap overflow:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
function (openssh_RSA_verify):
2003 Oct 03
0
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced:
2015 Mar 31
2
OpenSSL vulnerability fix
Hi All,
I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570,
CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd
has the fixes I am looking for (from the
https://www.openssl.org/news/vulnerabilities.html link).
But, When I tried to find the openssl-0.9.8zd rpm package, I did not find
it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/.
The
2014 Jun 06
2
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
Dear openssh developers,
can you please check, whether the vulnerability of openSSL (CVE-2014-0224):
http://www.openssl.org/news/secadv_20140605.txt
openssh affects?
Many thanks
Van Cu Truong
Tel.: +49 (211) 399 33598
Mobile: +49 (163) 1651728
cu.truongl at atos.net<mailto:cu.truongl at atos.net>
Otto-Hahn-Ring 6
81739 M?nchen, Deutschland
de.atos.net
2013 Aug 06
2
Openssl vulnerability - SSL/ TLS Renegotion Handshakes
Hi,
I'm currently at CentOS 5.8. I'm using openssl version
openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
security scan:
"SSL/ TLS Renegotion Handshakes MiTm Plaintext Data Injection"
As per following link, Redhat has introduced openssl-0.9.8m which fixes
this specific issue:
2004 Mar 18
1
latest openssl vulnerability
Is it true that (dynamic) binaries are vulnerable if and only if they are
linked with libssl.so.3, not with libcrypt or libcrypto?
Thanks for your help.
Andrew.
2015 Mar 31
0
OpenSSL vulnerability fix
Centos 5 is not affected by this bug, so fix is not available.
Eero
31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com>:
> Hi All,
>
> I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570,
> CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd
> has the fixes I am looking for (from the
>
2003 Oct 01
5
Recent OpenSSL vulnerability require rebuild of OpenSSH
We have OpenSSH built against a static version of the OpenSSL library.
Do the recent OpenSSL vulnerabilities necessitate a rebuild of
OpenSSH?
http://www.openssl.org/news/secadv_20030930.txt
>From the description of the four bugs, I'm inclined to think not.
--
albert chin (china at thewrittenword.com)
2016 May 12
2
Openssl vulnerability
Hi Team,
I have a centos 7 running server with openssl version openssl-1.0.1e-51.el7_2.4.x86_64, I have received a set of vulnerability from security team, can anyone tell me as per below CVE do I need to update my openssl version to 1.0.1t? Or the current version which we have is safe.
CVE-2016-0701, CVE-2015-3197
CVE-2015-4000
CVE-2015-0204
CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
1998 Jan 20
0
SNI-23: SSH - Vulnerability in ssh-agent
-----BEGIN PGP SIGNED MESSAGE-----
###### ## ## ######
## ### ## ##
###### ## # ## ##
## ## ### ##
###### . ## ## . ######.
Secure Networks Inc.
Security Advisory
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".
-Connie Sieh
---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites are issued only when a security event demands global and
immediate
2014 Apr 07
0
OpenSSL vulnerability
Hello.
FYI a very serious OpenSSL flaw was made public today. It has implications
for existing OpenSSL key material though no direct impact on OpenSSH.
For those interested, here's a good description: http://heartbleed.com/
--mancha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not
2004 Mar 17
0
FreeBSD Security Advisory FreeBSD-SA-04:05.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:05.openssl Security Advisory
The FreeBSD Project
Topic: Denial-of-service vulnerability in OpenSSL
Category: crypto
Module: openssl
Announced:
2004 Mar 17
0
FreeBSD Security Advisory FreeBSD-SA-04:05.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:05.openssl Security Advisory
The FreeBSD Project
Topic: Denial-of-service vulnerability in OpenSSL
Category: crypto
Module: openssl
Announced:
2008 May 22
0
/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised
Asterisk Project Security Advisory - AST-2008-007
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Asterisk installations using cryptographic keys |
| | generated
2003 Oct 03
6
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced: