Количество 54
Количество 54
SUSE-SU-2019:0600-1
Security update for openssl-1_0_0
SUSE-SU-2019:0572-1
Security update for openssl-1_0_0
GHSA-9ccq-7hvh-cv7p
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
ELSA-2019-2471
ELSA-2019-2471: openssl security update (MODERATE)
BDU:2019-00985
Уязвимость функции SSL_shutdown средства криптографической защиты OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию
GHSA-93g8-hm6f-hrw3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
BDU:2019-01256
Уязвимость реализации алгоритма шифрования DSA (Digital Signature Algorithm) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
openSUSE-SU-2018:4050-1
Security update for openssl-1_0_0
openSUSE-SU-2018:3903-1
Security update for openssl
openSUSE-SU-2018:3890-1
Security update for openssl-1_1
SUSE-SU-2018:4001-1
Security update for openssl-1_0_0
SUSE-SU-2018:3989-1
Security update for openssl-1_0_0
SUSE-SU-2018:3945-1
Security update for openssl-1_1
SUSE-SU-2018:3866-1
Security update for openssl
SUSE-SU-2018:3863-1
Security update for openssl-1_1
openSUSE-SU-2019:1173-1
Security update for nodejs6
openSUSE-SU-2019:1076-1
Security update for nodejs4
SUSE-SU-2019:0818-1
Security update for nodejs6
SUSE-SU-2019:0658-1
Security update for nodejs4
openSUSE-SU-2018:4104-1
Security update for compat-openssl098
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2019:0600-1 Security update for openssl-1_0_0 | 4% Низкий | больше 6 лет назад | |
| SUSE-SU-2019:0572-1 Security update for openssl-1_0_0 | 4% Низкий | больше 6 лет назад | |
| GHSA-9ccq-7hvh-cv7p If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | CVSS3: 5.9 | 4% Низкий | около 3 лет назад |
| ELSA-2019-2471 ELSA-2019-2471: openssl security update (MODERATE) | почти 6 лет назад | ||
 | BDU:2019-00985 Уязвимость функции SSL_shutdown средства криптографической защиты OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 5.9 | 4% Низкий | больше 6 лет назад |
| GHSA-93g8-hm6f-hrw3 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | CVSS3: 5.9 | 6% Низкий | около 3 лет назад |
| BDU:2019-01256 Уязвимость реализации алгоритма шифрования DSA (Digital Signature Algorithm) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5.9 | 6% Низкий | больше 6 лет назад |
| openSUSE-SU-2018:4050-1 Security update for openssl-1_0_0 | больше 6 лет назад | ||
| openSUSE-SU-2018:3903-1 Security update for openssl | больше 6 лет назад | ||
| openSUSE-SU-2018:3890-1 Security update for openssl-1_1 | больше 6 лет назад | ||
| SUSE-SU-2018:4001-1 Security update for openssl-1_0_0 | больше 6 лет назад | ||
| SUSE-SU-2018:3989-1 Security update for openssl-1_0_0 | больше 6 лет назад | ||
| SUSE-SU-2018:3945-1 Security update for openssl-1_1 | больше 6 лет назад | ||
| SUSE-SU-2018:3866-1 Security update for openssl | больше 6 лет назад | ||
| SUSE-SU-2018:3863-1 Security update for openssl-1_1 | больше 6 лет назад | ||
| openSUSE-SU-2019:1173-1 Security update for nodejs6 | около 6 лет назад | ||
| openSUSE-SU-2019:1076-1 Security update for nodejs4 | около 6 лет назад | ||
| SUSE-SU-2019:0818-1 Security update for nodejs6 | около 6 лет назад | ||
| SUSE-SU-2019:0658-1 Security update for nodejs4 | больше 6 лет назад | ||
| openSUSE-SU-2018:4104-1 Security update for compat-openssl098 | больше 6 лет назад |
Уязвимостей на страницу