OpenSSL Security Advisory

2021-03-25 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [25 March 2021] = CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) Severity: High

OpenSSL Security Advisory

2021-02-16 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [16 February 2021] Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) Severity: Moderate

OpenSSL Security Advisory

2020-12-08 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [08 December 2020] EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) == Severity: High The X.509 GeneralName type

Re: OpenSSL Security Advisory

2020-09-09 Thread Dmitry Belyavsky
t; > Is the description of the attack publicly available? > >> > > >> > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote: > >> >> > >> >> -BEGIN PGP SIGNED MESSAGE- > >> >> Hash: SHA512 > >> >> > >>

Re: OpenSSL Security Advisory

2020-09-09 Thread Mark J Cox
r paper very soon (today). >> >> Regards, Mark >> >> On Wed, Sep 9, 2020 at 1:45 PM Dmitry Belyavsky wrote: >> > >> > Is the description of the attack publicly available? >> > >> > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote: >> >> &

Re: OpenSSL Security Advisory

2020-09-09 Thread Dmitry Belyavsky
e attack publicly available? > > > > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote: > >> > >> -BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA512 > >> > >> OpenSSL Security Advisory [09 September 2020] > &

Re: OpenSSL Security Advisory

2020-09-09 Thread Mark J Cox
AGE- >> Hash: SHA512 >> >> OpenSSL Security Advisory [09 September 2020] >> = >> >> Raccoon Attack (CVE-2020-1968) >> == >> >> Severity: Low >> >> The Raccoon a

Re: OpenSSL Security Advisory

2020-09-09 Thread Dmitry Belyavsky
Is the description of the attack publicly available? On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > OpenSSL Security Advisory [09 September 2020] > = > > Raccoon

OpenSSL Security Advisory

2020-09-09 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL Security Advisory [09 September 2020] = Raccoon Attack (CVE-2020-1968) == Severity: Low The Raccoon attack exploits a flaw in the TLS specification which can lead

OpenSSL Security Advisory

2020-04-21 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [21 April 2020] = Segmentation fault in SSL_check_chain (CVE-2020-1967) = Severity: High Server or client applications that call

OpenSSL Security Advisory

2019-12-06 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [6 December 2019] === rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) === Severity: Low There is an overflow bug in the x64_64

OpenSSL Security Advisory

2019-09-11 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL Security Advisory [10 September 2019] = ECDSA remote timing attack (CVE-2019-1547) == Severity: Low Normally in OpenSSL EC groups always have a co-factor

OpenSSL Security Advisory

2019-07-30 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL Security Advisory [30 July 2019] Windows builds with insecure path defaults (CVE-2019-1552) == Severity: Low OpenSSL has internal defaults

OpenSSL Security Advisory

2019-03-06 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL Security Advisory [6 March 2019] ChaCha20-Poly1305 with long nonces (CVE-2019-1543) == Severity: Low ChaCha20-Poly1305 is an AEAD cipher

OpenSSL Security Advisory

2019-02-26 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL Security Advisory [26 February 2019] 0-byte record padding oracle (CVE-2019-1559) Severity: Moderate If an application encounters a fatal protocol

[openssl-project] OpenSSL Security Advisory

2018-11-12 Thread Matt Caswell
OpenSSL Security Advisory [12 November 2018] Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) === Severity: Low OpenSSL ECC scalar

[openssl-project] OpenSSL Security Advisory

2018-04-16 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [16 Apr 2018] Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) Severity: Low The OpenSSL RSA Key