OpenSSL updated ...



#1 AplusWebMaster

  • SWI Friend
  • 8,703 posts

Posted 17 November 2010 - 08:24 AM

FYI...

OpenSSL TLS server extension vuln - update available
- http://secunia.com/advisories/42243/
Release Date: 2010-11-16
Criticality level: Moderately critical
Impact: DoS, System access
Solution Status: Vendor Patch ...
CVE Reference: http://web.nvd.nist....d=CVE-2010-3864
... The vulnerability is reported in versions 0.9.8f through 0.9.8o and versions 1.0.0 and 1.0.0a.
Solution: Update to version 0.9.8p and 1.0.0b or apply patches.
Original Advisory: http://www.openssl.o...dv_20101116.txt

- http://www.securityt....com/id?1024743
Nov 16 2010

- http://www.us-cert.g...ses_openssl_1_0
November 17, 2010


Edited by AplusWebMaster, 18 November 2010 - 03:16 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#2 AplusWebMaster


Posted 09 December 2010 - 11:13 AM

FYI...

OpenSSL v0.9.8q-v1.0.0c released
- http://secunia.com/advisories/42473/
Last Update: 2010-12-08
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
CVE Reference(s):
http://web.nvd.nist....d=CVE-2008-7270
http://web.nvd.nist....d=CVE-2010-4180
... The vulnerability is reported in all versions prior to 0.9.8q or 1.0.0c.
Solution: Update to version 0.9.8q or 1.0.0c or apply patches.
Original Advisory:
http://www.openssl.o...dv_20101202.txt


#3 AplusWebMaster


Posted 05 January 2012 - 06:26 AM

FYI...

OpenSSL vulns/fixes ...
- https://isc.sans.edu...l?storyid=12322
Last Updated: 2012-01-05 00:46:00 UTC - "... CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
Details here: http://openssl.org/n...dv_20120104.txt
Downloads here: http://openssl.org/source/ ..."

- http://www.openssl.o...dv_20120104.txt
04 Jan 2012 - "... Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s..."

- https://secunia.com/advisories/47426/
Release Date: 2012-01-05
Criticality level: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution: Update to version 0.9.8s or 1.0.0f.

- http://www.securityt....com/id/1026485
CVE Reference
- http://web.nvd.nist....d=CVE-2011-4108 - 4.3
- http://web.nvd.nist....d=CVE-2011-4109 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4576 - 5.0
- http://web.nvd.nist....d=CVE-2011-4577 - 4.3
- http://web.nvd.nist....d=CVE-2011-4619 - 5.0
- http://web.nvd.nist....d=CVE-2012-0027 - 5.0
- http://web.nvd.nist....d=CVE-2012-0390 - 4.3
Updated: Jan 6 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 0.9.8s; 1.x prior to 1.0.0f


Edited by AplusWebMaster, 09 January 2012 - 10:41 PM.


#4 AplusWebMaster


Posted 20 January 2012 - 02:37 PM

FYI...

OpenSSL v0.9.8t, 1.0.0g released
- http://www.securityt....com/id/1026548
Date: Jan 19 2012
CVE Reference: http://web.nvd.nist....d=CVE-2012-0050 - 5.0
[Regression: "...incorrect fix for CVE-2011-4108"]
Impact: DoS via network
Version(s): 0.9.8s, 1.0.0f ...
... Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.
Solution: The vendor has issued a fix (0.9.8t, 1.0.0g).
The vendor's advisory is available at:
http://www.openssl.o...dv_20120118.txt
18 Jan 2012 - "... Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t."


#5 AplusWebMaster


Posted 07 January 2014 - 11:36 AM

FYI...

 

OpenSSL 1.0.1f released ...
- https://secunia.com/advisories/56286/
Last Update: 2014-01-07
Criticality: Moderately Critical
Where: From remote
Impact: DoS ...
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-4353
- https://web.nvd.nist...d=CVE-2013-6449 - 4.3
- https://web.nvd.nist...d=CVE-2013-6450 - 5.8
Solution: Update to version 1.0.1f.
Original Advisory: OpenSSL:
https://www.openssl....news/index.html

- http://www.securityt....com/id/1029557
CVE Reference: CVE-2013-4353
Jan 7 2014
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.0.1x prior to 1.0.1f...
Solution: The vendor has issued a fix (1.0.1f)...
 



Edited by AplusWebMaster, 09 January 2014 - 11:18 AM.


#6 AplusWebMaster


Posted 09 April 2014 - 05:35 AM

FYI...

- https://atlas.arbor....ndex#-918139434
Extreme Severity
17 Apr 2014 - "Repercussions from the OpenSSL Heartbleed vulnerability disclosed last week continues, with potentially compromised certificates still being used and multiple applications and devices still affected by the OpenSSL flaw..."
___

OpenSSL TLS Heartbeat - 1.0.1g
- http://www.securityt....com/id/1030026
CVE Reference: https://web.nvd.nist...d=CVE-2014-0160
Updated: Apr 11 2014
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.0.1 through 1.0.1f; 1.0.2-beta ...
Impact: A remote user can obtain potentially sensitive information, including encryption keys.
Solution: The vendor has issued a fix (1.0.1g; fix pending for 1.0.2-beta2).
The vendor's advisory is available at:
- http://www.openssl.o...dv_20140407.txt
"... Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2."

- https://secunia.com/advisories/57347/
Last Update: 2014-04-10
Where: From remote
Impact: Exposure of sensitive information...
CVE Reference(s): CVE-2014-0160
... vulnerability is reported in versions 1.0.1 through 1.0.1f.
Solution: Update to version 1.0.1g.
___

Affects 5% of Select Top Level Domains from Top 1M websites
- http://blog.trendmic...llion-websites/
Apr 10, 2014

Vulnerable sites per country
- http://blog.trendmic...SSL-scan2-L.jpg

Mobile Apps affected ...
- http://blog.trendmic...e-affected-too/
Update as of April 11, 2014 - "After doing a second round of scanning, we have found that around 7,000 apps are connected to vulnerable servers."
___

- http://www.kb.cert.org/vuls/id/720951
Last revised: 11 Apr 2014

- https://isc.sans.edu...l?storyid=17921
Last Updated: 2014-04-08 20:23:51 UTC - Version: 2

Heartbleed vendor notifications
- https://isc.sans.edu...l?storyid=17929
Last Updated: 2014-04-09 21:45:56 UTC

- http://blog.trendmic...-vulnerability/
Apr 8, 2014
___

Android OpenSSL TLS Heartbeat vuln
- https://secunia.com/advisories/57386/
Release Date: 2014-04-10
Criticality: Moderately Critical
Where: From remote
Impact: Exposure of sensitive information
Solution Status: Vendor Patch
Operating System: Android 4.x
CVE Reference(s): CVE-2014-0160
...  vulnerability is caused due to a bundled vulnerable version of OpenSSL.
For more information: https://secunia.com/SA57347/
The vulnerability is reported in version 4.1.1...
Original Advisory:
- http://googleonlines...to-address.html
April 9, 2014
Apr 12, Apr 14, Apr 16: Updated...
 



Edited by AplusWebMaster, 18 April 2014 - 10:44 AM.




