Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ USN-2959-1: OpenSSL vulnerabilities

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š USN-2959-1: OpenSSL vulnerabilities


๐Ÿ’ก Newskategorie: Unix Server
๐Ÿ”— Quelle: ubuntu.com

Ubuntu Security Notice USN-2959-1

3rd May, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in OpenSSL.

Software description

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL
incorrectly handled memory when decoding ASN.1 structures. A remote
attacker could use this issue to cause OpenSSL to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-2108)

Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when
the connection uses the AES CBC cipher and the server supports AES-NI. A
remote attacker could possibly use this issue to perform a padding oracle
attack and decrypt traffic. (CVE-2016-2107)

Guido Vranken discovered that OpenSSL incorrectly handled large amounts of
input data to the EVP_EncodeUpdate() function. A remote attacker could use
this issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-2105)

Guido Vranken discovered that OpenSSL incorrectly handled large amounts of
input data to the EVP_EncryptUpdate() function. A remote attacker could use
this issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-2106)

Brian Carpenter discovered that OpenSSL incorrectly handled memory when
ASN.1 data is read from a BIO. A remote attacker could possibly use this
issue to cause memory consumption, resulting in a denial of service.
(CVE-2016-2109)

As a security improvement, this update also modifies OpenSSL behaviour to
reject DH key sizes below 1024 bits, preventing a possible downgrade
attack.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.1
Ubuntu 15.10:
libssl1.0.0 1.0.2d-0ubuntu1.5
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.19
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.36

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109

...













๐Ÿ“Œ PHP bis 5.6.30/7.0.20/7.1.6 OpenSSL Extension ext/openssl/openssl.c Negative Number Denial of Service


๐Ÿ“ˆ 27.6 Punkte

๐Ÿ“Œ PHP up to 5.6.30/7.0.20/7.1.6 OpenSSL Extension ext/openssl/openssl.c Negative Number denial of service


๐Ÿ“ˆ 27.6 Punkte

๐Ÿ“Œ USN-4738-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-4745-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-5845-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6046-1: OpenSSL-ibmca vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-2830-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6435-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6632-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-2914-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-3475-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-3087-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-2830-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-3512-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-2914-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-4376-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-3087-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-3181-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-4376-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-4504-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-5710-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-5845-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-5844-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6039-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6450-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ USN-6622-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 19.67 Punkte

๐Ÿ“Œ [remote] - Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ [remote] - Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ OpenSSL 1.1.1 is released, including support for TLS 1.3 and a "complete rewrite of the OpenSSL random number generator"


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ PHP up to 5.4.43/5.5.27/5.6.11 ext/openssl/openssl.c RAND_pseudo_bytes weak encryption


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ Can someone explain to me how this command works 'openssl rand 60 | openssl base64 -A'


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ Ruby up to 2.2.7/2.3.4/2.4.1 OpenSSL OpenSSL::ASN1 String denial of service


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ Medium CVE-2020-9432: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ Medium CVE-2020-9433: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.4 Punkte

๐Ÿ“Œ Medium CVE-2020-9434: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.4 Punkte

matomo