Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
587acc1f444243f9ef3c25e4d1de8aecbfcae8208b00502e26bf42e93ab7624cUbuntu Security Notice 6994-1 - It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to consume resources, leading to a denial of service.
151f4791ce1bf18350da328db884812f982e73c362b6de11f386b30f3d2006efUbuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
a3c85443f6ce0636dc4acc75b294ee38bc75374485acad341a73a787d547a0cbRed Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.
2caf5966bd70f2ed6f8c6c31a70942293c3b0c858d8049a4eea7b0a0e6470c95Red Hat Security Advisory 2024-0208-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
e2683b7e7c1eaa4b94be8055f2acd55b322b5b3279616fd95b5e10c29c82304cRed Hat Security Advisory 2024-0154-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
a2ff91af53be88263e3b464863f1bf0c4a0ac27b80070788392aeb8944a288e8Red Hat Security Advisory 2023-7877-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.
79766b90d0f80e7196504f3ddf5e7b091dcb56864a6c0e4babe5c713cefd9c29Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.
23d44cf0ae6f714d7e561de1cde1502c1854f5a0c48f997685f74b83329351c0Ubuntu Security Notice 6435-2 - USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.
59d340970afcd638ff53547b215993cbec3a2b96fa9685449422e51dfd241ffbRed Hat Security Advisory 2023-5946-01 - Red Hat AMQ Broker 7.11.3 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and open redirection vulnerabilities.
3e5253e2561ca56e9e736fd6943b53ad9c218451550faad77b16088aa895d299Ubuntu Security Notice 6435-1 - It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.
e4c02d0cf75df128a82009e6b74401d4b3f8c229dcc5899f73bc5f7c3bd1e952Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
c41eab1bdefe1734d05ef822e1f40834bb472bd705276a997550cad139f17438Red Hat Security Advisory 2023-5485-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
05ddf4b2fcec8ec1b289ddd64f5600527dbce6e10cb58168da66cd587b6e820cRed Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
fc29eee544ffd7736060e3f645e7a77e9f8a4138074c2e3661979df5b62f2856Red Hat Security Advisory 2023-5484-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
8212b9ff95cfb410ac120e8a1a11a37d532f8e090a9b888d64019acf467a6114Red Hat Security Advisory 2023-5441-01 - Red Hat Integration Camel for Spring Boot 4.0.0 is now available. Issues addressed include an XML injection vulnerability.
4985987bfaf6fd9ed60f606650443e1312bbb66be0bb205dc8e01101a680964bRed Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.
5388c15c1be8ba9a9c861d5cffb8e69e29258e619854a33049b6445639365da7Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.
c7bacd29d694aaaaf457349ec19016b4d130ffc214bfce870fe209e62bdbdd3cThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.
0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1.x series is the current major version of OpenSSL.
a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.
1761d4f5b13a1028b9b6f3d4b8e17feb0cedc9370f6afe61d7193d2cdce83323OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0OpenSSL Security Advisory 20230731 - Checking excessively long DH keys or parameters may be very slow.
b497bf3e1c45020f0f227205c740557918c2fef680976bc3d389ede0493cb6b1OpenSSL Security Advisory 20230719 - Checking excessively long DH keys or parameters may be very slow.
317d782978ef6b0abc3f22eb5afa9d3557d2e60a10438b7019257e55a88ad3b0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed