Debian Bug report logs -
#1034720
openssl: CVE-2023-1255 CVE-2023-0466 CVE-2023-0465 CVE-2023-0464
Package:
src:openssl;
Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-listsdebiannet>;
Reported by: Moritz Mühlenhoff <jmm@inutilorg>
Date: Sat, 22 Apr 2023 17:30:01 UTC
Severity: importa ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit
CVE-2023-0464
David Benjamin reported a flaw related to the verification of X509
certificate chains that include policy constraints, which may result
in denial of service
CVE-2023-0465
David Benjamin reported that invalid certificate policie ...
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X509 certificate chains that include policy constraints Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-serv ...
Synopsis
Important: Network observability 130 for Openshift
Type/Severity
Security Advisory: Important
Topic
Network Observability 130 for OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ava ...
Synopsis
Moderate: OpenShift Container Platform 4136 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Con ...
概述
Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update
类型/严重性
Security Advisory: Important
标题
Red Hat JBoss Core Services Apache HTTP Server 2457 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Synopsis
Moderate: Red Hat JBoss Web Server 577 release and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Web Server 577 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows ServerRed Hat Product Security has rated this update as h ...
概述
Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update
类型/严重性
Security Advisory: Important
Red Hat Insights 补丁分析
识别并修复受此公告影响的系统。
查看受影响的系统
标题
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has ...
Synopsis
Moderate: Red Hat OpenShift Enterprise security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 41223 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Synopsis
Moderate: openssl security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...
Synopsis
Important: Security Update for cert-manager Operator for Red Hat OpenShift 1103
Type/Severity
Security Advisory: Important
Topic
cert-manager Operator for Red Hat OpenShift 1103Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgive ...
Synopsis
Moderate: OpenShift Container Platform 4135 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...
Synopsis
Moderate: Red Hat OpenShift Data Foundation 4131 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4131 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this update ...
Synopsis
Moderate: Red Hat JBoss Web Server 577 release and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update is now available for Red Hat JBoss Web Server 577 on Red Hat Enterprise Linux versio ...
Synopsis
Moderate: OpenShift sandboxed containers 141 security update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift sandboxed containers 141 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed seve ...
Description<!---->A security vulnerability has been identified in all supported OpenSSL versions related to verifying X509 certificate chains that include policy constraints This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a deni ...
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption This issue affects all RSA padding m ...
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X509 certificate chains that include policy constraints Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-serv ...
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X509 certificate chains that include policy constraints Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-serv ...
A null pointer dereference flaw was found in openssl A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service The highest threat from this vulnerability is to system availability (CVE-2020-1971)
Calls to EVP_CipherUpdate, EVP_En ...