HP Security Bulletin HPSBMU02998 4 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
b3fa1d0558fcbc91c2bc9655d1753596f578e24bdc3fbc14379ffefcbeff95b9
HP Security Bulletin HPSBMU02998 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
c9685c1be9739974f18aeecc3433961057ad78f3c535bd0a7eebe068b0ba2914
HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1
Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499
Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.
b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368f
FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.
8cfc9cbab96b1b477732894dceb5515843f94bda1957f4f8b56f78b5d7e6a1d7
Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
ebc0bf7db2c1373c3cec26d9751559ebf1ff1de1ec43698726547a8808565a5d
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80
Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.
e810c2f62369368cb293ec77fdf44a3403252f30e6633f76d3085aec1b4a7d94
Debian Linux Security Advisory 2837-1 - Anton Johansson discovered that an invalid TLS handshake packet could crash OpenSSL with a NULL pointer dereference.
6994946e9b9d496cd4cb38e8153d382c718c783522f5a47212b7c7e15cdef6c6