Debian Bug report logs -
#841049
Security fixes from the October 2016 CPU
Package:
src:mysql-56;
Maintainer for src:mysql-56 is (unknown);
Reported by: "Norvald H Ryeng" <norvaldryeng@oraclecom>
Date: Mon, 17 Oct 2016 08:33:02 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in version mysql-56/56 ...
USN-3087-1 introduced a regression in OpenSSL ...
Several security issues were fixed in OpenSSL ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6416 natives update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 6
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis
Important: openssl security update
Type/Severity
Security Advisory: Important
Topic
An update for openssl is now available for Red Hat Enterprise Linux 62 Advanced Update Support, Red Hat Enterprise Linux 64 Advanced Update Support, Red Hat Enterprise Linux 65 Advanced Update Support, Red Hat En ...
Synopsis
Important: Red Hat JBoss Web Server 310 Service Pack 1 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Synopsis
Important: openssl security update
Type/Severity
Security Advisory: Important
Topic
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sc ...
Synopsis
Important: Red Hat JBoss Web Server Service Pack 1 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6416 natives update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 64 for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support
The <a href="https:/ ...
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support ...
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity”
Subsequently, on September 26, the OpenSSL Software Foundatio ...
A malicious client can send an excessively large OCSP Status Request extension If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server This will eventually lead to a Denial Of Service attack through memory exhaustion Servers with a defaul ...
Nessus is potentially impacted by several vulnerabilities in OpenSSL (20160926) that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time These vulnerabilities may impact Nessus and include:
CVE-2 ...
LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...
Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality Four of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to PVS
OpenSSL ssl/statem/statemc read_state_ma ...