Debian Bug report logs -
#533661
"slowloris" denial-of-service vulnerability
Package:
apache2;
Maintainer for apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Source for apache2 is src:apache2 (PTS, buildd, popcon)
Reported by: Michael S Gilbert <michaelsgilbert@gmailcom>
Date: Fri, 19 Jun 20 ...
Debian Bug report logs -
#765539
Not possible to disable SSLv3
Package:
pound;
Maintainer for pound is Carsten Leonhardt <leo@debianorg>; Source for pound is src:pound (PTS, buildd, popcon)
Reported by: Brian May <brian@microcomaustraliacomau>
Date: Thu, 16 Oct 2014 01:09:02 UTC
Severity: important
Tags: security ...
Debian Bug report logs -
#719954
polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake
Package:
polarssl;
Maintainer for polarssl is Roland Stigge <stigge@antcomde>;
Reported by: Henri Salo <henri@nervfi>
Date: Sat, 17 Aug 2013 07:42:01 UTC
Severity: important
Tags: fixed-upstream, ...
Debian Bug report logs -
#704946
polarssl: CVE-2009-3555
Package:
polarssl;
Maintainer for polarssl is Roland Stigge <stigge@antcomde>;
Reported by: Michael Gilbert <mgilbert@debianorg>
Date: Mon, 8 Apr 2013 02:39:02 UTC
Severity: important
Tags: security
Fixed in version polarssl/131-1
Done: Roland Stigge < ...
Debian Bug report logs -
#725359
polarssl: CVE-2013-5914 CVE-2013-5915
Package:
polarssl;
Maintainer for polarssl is Roland Stigge <stigge@antcomde>;
Reported by: Moritz Muehlenhoff <jmm@inutilorg>
Date: Fri, 4 Oct 2013 14:15:10 UTC
Severity: grave
Tags: pending, security
Found in version 128-2
Fixed in version ...
Synopsis
Critical: java-160-sun security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-160-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having ...
Synopsis
Important: openssl security update
Type/Severity
Security Advisory: Important
Topic
Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabi ...
Synopsis
Important: java-160-openjdk security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Updated java-160-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as ha ...
Synopsis
Critical: java-142-ibm security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-142-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Ha ...
Synopsis
Moderate: httpd and httpd22 security update
Type/Severity
Security Advisory: Moderate
Topic
Updated httpd and httpd22 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 100 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate s ...
Synopsis
Critical: java-160-ibm security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-160-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the R ...
Synopsis
Critical: java-160-sun security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-160-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having cri ...
Synopsis
Moderate: nss security update
Type/Severity
Security Advisory: Moderate
Topic
Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scori ...
Synopsis
Low: JBoss Enterprise Web Server 101 update
Type/Severity
Security Advisory: Low
Topic
JBoss Enterprise Web Server 101 is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having low security impact by the Red Hat Security Response Team.
Description
...
Synopsis
Moderate: gnutls security update
Type/Severity
Security Advisory: Moderate
Topic
Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scor ...
Synopsis
Moderate: openssl097a security update
Type/Severity
Security Advisory: Moderate
Topic
Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabi ...
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Topic
Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulner ...
Synopsis
Moderate: java-142-ibm security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Updated java-142-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplem ...
Synopsis
Critical: java-150-sun security update
Type/Severity
Security Advisory: Critical
Topic
The java-150-sun packages as shipped in Red Hat Enterprise Linux 4 Extras and 5 Supplementary contain security flaws and should not be used. The Red Hat Security Response Team has rated this update as having cr ...
Synopsis
Moderate: java-150-ibm security update
Type/Severity
Security Advisory: Moderate
Topic
Updated java-150-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat S ...
Synopsis
Moderate: gnutls security update
Type/Severity
Security Advisory: Moderate
Topic
Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scor ...
Synopsis
Important: java-160-openjdk security update
Type/Severity
Security Advisory: Important
Topic
Updated java-160-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
Several vulnerabilities were discovered in the TLS/SSL protocol. This
update addresses these protocol vulnerabilities in lighttpd.
CVE-2009-3555
Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS
and SSLv3 protocols do not properly associate renegotiation
handshakes with an existing connection, which allows man-in-the-middle
...
DSA-2141 consists of three individual parts, which can be viewed in the
mailing list archive:
DSA 2141-1 (openssl),
DSA 2141-2 (nss),
DSA 2141-3 (apache2), and
DSA 2141-4 (lighttpd)
This page only covers the first part, openssl.
CVE-2009-3555
Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS
and SSLv3 protocols. If an attacke ...
A design flaw has been found in the TLS and SSL protocol that allows
an attacker to inject arbitrary content at the beginning of a TLS/SSL
connection. The attack is related to the way TLS and SSL handle
session renegotiations. CVE-2009-3555 has been assigned to this
vulnerability.
As a partial mitigation against this attack, this apache2 update ...
Pound, an HTTP reverse proxy and load balancer, had several issues
related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.
For Debian 7 (wheezy) this update adds a missing part to make it actually
possible to disable client-initiated renegotiation and disables it by default
(CVE-2009-3555).
TLS compression is disabled (CVE-2012-4929), ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user’s session (CVE-2009-3555) ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user’s session. This update adds support for the
new renegotiation extension and will use it when the serve ...
Under certain conditions, an attacker could execute commands in web
applications using your authenticated credentials ...
Under certain conditions, an attacker could execute commands in web
applications using your authenticated credentials ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user’s session. The flaw is with TLS renegotiation and
potentially affects any software that supports this feat ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and
SSLv3 protocols. If an attacker could perform a man in the middle
attack at the start of a TLS connection, the attacker could inject
arbitrary content at the beginning of the user’s session. USN-923-1
disabled SSL/TLS renegotiation by default; this update implements
the TLS Renegotiati ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user’s session. This update adds backported support
for the new RFC5746 renegotiation extension and will use it ...
USN-860-1 introduced a partial workaround to Apache that disabled client
initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1
introduced the new RFC5746 renegotiation extension in openssl, and
completely resolves the issue ...
Mozilla Foundation Security Advisory 2010-22
Update NSS to support TLS renegotiation indication
Announced
March 30, 2010
Reporter
Mozilla developers and community
Impact
Low
Products
Firefox, SeaMonkey, Thunderbird
Fixe ...
Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.
The vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker co ...
An industry-wide vulnerability exists in the Transport Layer Security
(TLS) protocol that could impact any Cisco product that uses any version of TLS
and SSL. The vulnerability exists in how the protocol handles session
renegotiation and exposes users to a potential man-in-the-middle attack.
This advisory is posted at
toolscisc ...