Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ USN-2830-1: OpenSSL vulnerabilities

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š USN-2830-1: OpenSSL vulnerabilities


๐Ÿ’ก Newskategorie: Unix Server
๐Ÿ”— Quelle: ubuntu.com

Ubuntu Security Notice USN-2830-1

7th December, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in OpenSSL.

Software description

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange
for an anonymous DH ciphersuite with the value of p set to 0. A remote
attacker could possibly use this issue to cause OpenSSL to crash, resulting
in a denial of service. This issue only applied to Ubuntu 15.10.
(CVE-2015-1794)

Hanno Böck discovered that the OpenSSL Montgomery squaring procedure
algorithm may produce incorrect results when being used on x86_64. A remote
attacker could possibly use this issue to break encryption. This issue only
applied to Ubuntu 15.10. (CVE-2015-3193)

Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1
signatures with a missing PSS parameter. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed
X509_ATTRIBUTE structures. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. A
remote attacker could possibly use this issue to cause OpenSSL to crash,
resulting in a denial of service. This issue only applied to Ubuntu 12.04
LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
libssl1.0.0 1.0.2d-0ubuntu1.2
Ubuntu 15.04:
libssl1.0.0 1.0.1f-1ubuntu11.5
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.16
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.32

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

...













๐Ÿ“Œ PHP bis 5.6.30/7.0.20/7.1.6 OpenSSL Extension ext/openssl/openssl.c Negative Number Denial of Service


๐Ÿ“ˆ 28.23 Punkte

๐Ÿ“Œ PHP up to 5.6.30/7.0.20/7.1.6 OpenSSL Extension ext/openssl/openssl.c Negative Number denial of service


๐Ÿ“ˆ 28.23 Punkte

๐Ÿ“Œ USN-4738-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-4745-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-5845-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6046-1: OpenSSL-ibmca vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-2914-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6435-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6632-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-2959-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-3475-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-3087-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-2914-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-3512-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-2959-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-4376-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-3087-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-3181-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-4376-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-4504-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-5710-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-5845-2: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-5844-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6039-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6450-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ USN-6622-1: OpenSSL vulnerabilities


๐Ÿ“ˆ 20.24 Punkte

๐Ÿ“Œ [remote] - Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ [remote] - Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ OpenSSL 1.1.1 is released, including support for TLS 1.3 and a "complete rewrite of the OpenSSL random number generator"


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ PHP up to 5.4.43/5.5.27/5.6.11 ext/openssl/openssl.c RAND_pseudo_bytes weak encryption


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Can someone explain to me how this command works 'openssl rand 60 | openssl base64 -A'


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Ruby up to 2.2.7/2.3.4/2.4.1 OpenSSL OpenSSL::ASN1 String denial of service


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Medium CVE-2020-9432: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Medium CVE-2020-9433: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.82 Punkte

๐Ÿ“Œ Medium CVE-2020-9434: Lua-openssl project Lua-openssl


๐Ÿ“ˆ 18.82 Punkte

matomo