Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.
1d3819c3a795696655f8712247c8df410655f69b1a073bb7b1b32d9271562472Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.
5ed148ee5c1aa1a8483ec13ffbf8a1df403d3b3e5e5aa321f31d0c7e9dc09b53Debian Linux Security Advisory 4355-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
b913df49694577978d9065ec818547f4d3d6619f2cbbc393194fc7e2ac40992aDebian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
984666d462c32381f4c81ceeb80d94d68254862db64e2525c9fc37e73b61fd81Gentoo Linux Security Advisory 201811-3 - A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.2o-r6 are affected.
2567e550284a41d0a884d941d89911bfb3bd909ca61b03a9f3e550906d00e4f5Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49Red Hat Security Advisory 2018-3221-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a denial of service vulnerability.
f834291e7efc55a6d4018d8ba12fd62c80f36b5a912355996aca5eab461c7cffRed Hat Security Advisory 2018-2552-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Node.js 8.11.4 serves as a replacement for RHOAR Node.js 8.11.3, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
37307ce7684b48b3db0280e253859d8dbc87f032ab3496e10eb504afb60da961Red Hat Security Advisory 2018-2553-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
b2e1f7f884bc63411636143ea5efb588a6b120655fcfc7e5f71305f1dfe4a133OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
6e711887d2814ee045ff01a89ca03e6b1ae678c324141c1fa0b6f5d63c441183Ubuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.
64a55400d3928d560eed60fa189b3f16e104aacf734c115775b42e7ec6f162c5Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
c9a4413cce1293192cef94ae1323f4ac3f80a693b84d4dd16582f330058c726dOpenSSL Security Advisory 20180612 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
990b7272eacc3360cb8f87129649c216bb73a08254b69b6490b15af00da77501
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed