Debian Bug report logs - #878398
Security fixes from the October 2017 CPU
Package: src:mysql-5.7;
Maintainer for src:mysql-5.7 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;
Reported by: "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
Date: Fri, 13 Oct 2017 10:51:01 UTC
Severity: grave
Tags: fix ...
Several security issues were fixed in OpenSSL ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available. Red Hat Product Security has rated this release as having a security impact of Moderate. A ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as ...
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this release as h ...
Several vulnerabilities were discovered in OpenSSL:
CVE-2016-7056
A local timing attack was discovered against ECDSA P-256.
CVE-2016-8610
It was discovered that no limit was imposed on alert packets during an SSL handshake.
CVE-2017-3731
Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be f ...
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a ...
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite ...
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the cr ...
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: Novem ...
SecurityCenter has recently been discovered to contain several vulnerabilities. Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.
If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of S ...