Уязвимость реализации алгоритма шифрования ECDSA библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость функций DH_check(), DH_check_ex(), EVP_PKEY_param_check() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость процедуры AVX2 Montgomery библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость функций DH_check(), DH_check_ex() или EVP_PKEY_param_check() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость процессоров Intel архитектур Skylake и Kaby Lake, связанная с ошибками реализации технологии одновременной многопоточности (SMT), позволяющая нарушителю раскрыть защищаемую информацию

Security update for openssl-1_0_0

Security update for openssl-1_1

Security update for openssl-1_0_0

Security update for openssl-1_1

Security update for openssl

Security update for openssl-1_0_0

Security update for openssl-1_1

Security update for openssl-1_0_0

Security update for openssl-1_1

Security update for openssl-1_1

Security update for openssl-1_1

Security update for openssl1

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious...