ID CVE-2015-7575
Summary Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
Vulnerable Configurations
  • Mozilla Network Security Services 3.20.1
    cpe:2.3:a:mozilla:network_security_services:3.20.1
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • Mozilla Firefox ESR 38.1.1
    cpe:2.3:a:mozilla:firefox_esr:38.1.1
  • Mozilla Firefox ESR 38.2.0
    cpe:2.3:a:mozilla:firefox_esr:38.2.0
  • Mozilla Firefox ESR 38.2.1
    cpe:2.3:a:mozilla:firefox_esr:38.2.1
  • Mozilla Firefox Extended Support Release (ESR) 38.3.0
    cpe:2.3:a:mozilla:firefox_esr:38.3.0
  • Mozilla Firefox ESR 38.4.0
    cpe:2.3:a:mozilla:firefox_esr:38.4.0
  • Mozilla Firefox ESR 38.5.0
    cpe:2.3:a:mozilla:firefox_esr:38.5.0
  • Mozilla Firefox ESR 38.5.1
    cpe:2.3:a:mozilla:firefox_esr:38.5.1
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Mozilla Firefox 43.0.1
    cpe:2.3:a:mozilla:firefox:43.0.1
CVSS
Base: 4.3 (as of 18-08-2016 - 14:58)
Impact:
Exploitability:
CWE CWE-19
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201801-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201801-15 (PolarSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might be able to execute arbitrary code, cause Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-15
    plugin id 106039
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106039
    title GLSA-201801-15 : PolarSSL: Multiple vulnerabilities (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0012.NASL
    description Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 87812
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87812
    title RHEL 6 / 7 : gnutls (RHSA-2016:0012) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2866-1.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87846
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87846
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerability (USN-2866-1) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV82327.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94174
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94174
    title AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2863-1.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87815
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87815
    title Ubuntu 12.04 LTS : openssl vulnerability (USN-2863-1) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV82328.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94175
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94175
    title AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV88960.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94181
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94181
    title AIX 5.3 TL 12 : nettcp (IV88960) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1430.NASL
    description An update for java-1.7.0-ibm and java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 92400
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92400
    title RHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-106.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Includes the following fixes from the October 2015 update: (bsc#951376) - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remote user can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88537
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88537
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3457.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88426
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88426
    title Debian DSA-3457-1 : iceweasel - security update (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV88959.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94180
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94180
    title AIX 5.3 TL 12 : nettcp (IV88959) (SLOTH)
  • NASL family Windows
    NASL id ORACLE_JROCKIT_CPU_JAN_2016.NASL
    description The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.9. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security subcomponent due to a failure to reject MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages. A man-in-the-middle attacker, by triggering collisions, can exploit this issue to spoof servers. (CVE-2015-7575) - A memory corruption issue exists in the AWT subcomponent when decoding JPEG files. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-0483) - A collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), exists in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages during a TLS handshake. A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server. (CVE-2015-7575) (CVE-2016-0475) - A denial of service vulnerability exists in the JAXP subcomponent during the handling of expanded general entities. A remote attacker can exploit this to bypass the 'totalEntitySizeLimit' restrictions and exhaust available memory. (CVE-2016-0466)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 88041
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88041
    title Oracle JRockit R28 < R28.3.9 Multiple Vulnerabilities (January 2016 CPU) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV82330.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94176
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94176
    title AIX 7.1 TL 3 : nettcp (IV82330) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV79071.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
    last seen 2017-10-29
    modified 2017-10-11
    plugin id 94172
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94172
    title AIX 6.1 TL 9 : nettcp (IV79071) (SLOTH) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV82331.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
    last seen 2017-10-29
    modified 2017-10-11
    plugin id 94177
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94177
    title AIX 7.1 TL 3 : nettcp (IV82331) (SLOTH) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86116.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 92560
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92560
    title AIX 6.1 TL 9 : nettcp (IV86116) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0636-1.NASL
    description This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89657
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89657
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0636-1) (SLOTH)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0049.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91154
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91154
    title OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0428-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119974
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119974
    title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0428-1) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86132.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 92565
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92565
    title AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-18 (mbed TLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in mbed TLS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100944
    published 2017-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100944
    title GLSA-201706-18 : mbed TLS: Multiple vulnerabilities (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV78625.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94170
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94170
    title AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201605-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-04-05
    plugin id 91379
    published 2016-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91379
    title GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0770-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89961
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89961
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-126.NASL
    description SeaMonkey was updated to 2.40 (boo#959277) to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards - CVE-2015-7204: Crash with JavaScript variable assignment with unboxed objects - CVE-2015-7207: Same-origin policy violation using perfomance.getEntries and history navigation - CVE-2015-7208: Firefox allows for control characters to be set in cookies - CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed - CVE-2015-7212: Integer overflow allocating extremely large textures - CVE-2015-7215: Cross-origin information leak through web workers error events - CVE-2015-7211: Hash in data URI is incorrectly parsed - CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2 - CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library - CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection - CVE-2015-7205: Underflow through code inspection - CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions - CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright - CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs - CVE-2015-7214: Cross-site reading attack through data and view-source URIs
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88547
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88547
    title openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_BIND_NETTCP_ADVISORY2.NASL
    description The version of bind installed on the remote AIX host is affected by the following vulnerabilities : - The TLS protocol allows weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker can exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. (CVE-2015-7575) - IBM AIX does not require the newest version of TLS by default which allows a remote attacker to obtain sensitive information using man in the middle techniques. (CVE-2016-0266)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 104123
    published 2017-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104123
    title AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV78624.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94169
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94169
    title AIX 6.1 TL 9 : nettcp (IV78624) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86120.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 92564
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92564
    title AIX 5.3 TL 12 : nettcp (IV86120) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV82412.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94178
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94178
    title AIX 7.1 TL 3 : nettcp (IV82412) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV79072.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94173
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94173
    title AIX 6.1 TL 9 : nettcp (IV79072) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV88957.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques. This plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.
    last seen 2017-10-29
    modified 2017-10-11
    plugin id 94179
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94179
    title AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86117.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 92561
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92561
    title AIX 7.1 TL 3 : nettcp (IV86117) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86118.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 92562
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92562
    title AIX 7.1 TL 4 : nettcp (IV86118) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV86119.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 92563
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92563
    title AIX 7.2 TL 0 : nettcp (IV86119) (SLOTH)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0001.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87800
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87800
    title OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-129.NASL
    description This update for SeaMonkey fixes the following issues : - update to SeaMonkey 2.40 (bnc#959277) - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88550
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88550
    title openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2904-1.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code with the privileges of the user invoking Thunderbird. (CVE-2016-1523) Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1930) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1935). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 89776
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89776
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : thunderbird vulnerabilities (USN-2904-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0584-1.NASL
    description This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues : Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed : - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89021
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89021
    title SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0149-1.NASL
    description This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87988
    published 2016-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87988
    title SUSE SLED12 / SLES12 Security Update : mozilla-nss (SUSE-SU-2016:0149-1) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0007.NASL
    description From Red Hat Security Advisory 2016:0007 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87794
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87794
    title Oracle Linux 6 / 7 : nss (ELSA-2016-0007) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0189-1.NASL
    description This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88082
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88082
    title SUSE SLED11 / SLES11 Security Update : mozilla-nss (SUSE-SU-2016:0189-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-59.NASL
    description This update to mbedtls 1.3.16 fixes the following security issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) - boo#961290: potential double free during certificate generation
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88131
    published 2016-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88131
    title openSUSE Security Update : mbedtls (openSUSE-2016-59) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0098.NASL
    description Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 8 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88554
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88554
    title RHEL 7 : java-1.8.0-ibm (RHSA-2016:0098) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0099.NASL
    description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 88555
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88555
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0099) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0100.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88556
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88556
    title RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_JAN2016_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - AWT - IBM J9 JVM - JAXP - JMX - Libraries - Networking - Security
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 89053
    published 2016-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89053
    title AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV79070.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 94171
    published 2016-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94171
    title AIX 6.1 TL 9 : nettcp (IV79070) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0101.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 88557
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88557
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:0101) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0431-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88709
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88709
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0431-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0776-1.NASL
    description IBM Java was updated to version 6.0-16.20, fixing various security issues. More information can be found on http://www.i bm.com/developerworks/java/jdk/alerts/. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 89989
    published 2016-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89989
    title SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0776-1) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0049.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88060
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88060
    title CentOS 7 : java-1.8.0-openjdk (CESA-2016:0049) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0050.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88036
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88036
    title RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0050) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0053.NASL
    description From Red Hat Security Advisory 2016:0053 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 88070
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88070
    title Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2016-0053) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0054.NASL
    description From Red Hat Security Advisory 2016:0054 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 88071
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88071
    title Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0054) (SLOTH)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-651.NASL
    description A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 88663
    published 2016-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88663
    title Amazon Linux AMI : gnutls (ALAS-2016-651) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0433-1.NASL
    description This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88710
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88710
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0433-1) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0050.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88061
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88061
    title CentOS 6 : java-1.8.0-openjdk (CESA-2016:0050) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 88037
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88037
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (SLOTH)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-643.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871 , CVE-2016-0402 , CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 88655
    published 2016-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88655
    title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-643) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0055.NASL
    description Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 71 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88074
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88074
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0055) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2864-1.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87816
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87816
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : nss vulnerability (USN-2864-1) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3436.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. More information can be found at https://www.mitls.org/pages/attacks/SLOTH
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87827
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87827
    title Debian DSA-3436-1 : openssl - security update (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0007.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87780
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87780
    title CentOS 6 / 7 : nss (CESA-2016:0007) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0007.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 87807
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87807
    title RHEL 6 / 7 : nss (RHSA-2016:0007) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3688.NASL
    description Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93871
    published 2016-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93871
    title Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-410.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography. CVE-2015-7575 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. CVE-2015-8472 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. CVE-2016-0448 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. CVE-2016-0466 It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. CVE-2016-0483 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2016-0494 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. For Debian 6 'Squeeze', these problems have been fixed in version 6b38-1.13.10-1~deb6u1. We recommend that you upgrade your openjdk-6 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 88580
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88580
    title Debian DLA-410-1 : openjdk-6 security update (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0053.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88062
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88062
    title CentOS 6 : java-1.7.0-openjdk (CESA-2016:0053) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 88078
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88078
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 88080
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88080
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-60.NASL
    description This update for polarssl fixes the following issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284) - boo#961290: potential double free during certificate generation
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88132
    published 2016-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88132
    title openSUSE Security Update : polarssl (openSUSE-2016-60) (SLOTH)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-645.NASL
    description A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 88657
    published 2016-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88657
    title Amazon Linux AMI : nss (ALAS-2016-645) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3491.NASL
    description Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88943
    published 2016-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88943
    title Debian DSA-3491-1 : icedove - security update (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160107_NSS_ON_SL6_X.NASL
    description A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87840
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87840
    title Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (SLOTH)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_10F7BC7603354A88B3910B05B3A8CE1C.NASL
    description The Mozilla Project reports : Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 87609
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87609
    title FreeBSD : NSS -- MD5 downgrade in TLS 1.2 signatures (10f7bc76-0335-4a88-b391-0b05b3a8ce1c) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160107_GNUTLS_ON_SL6_X.NASL
    description A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87838
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87838
    title Scientific Linux Security Update : gnutls on SL6.x, SL7.x i386/x86_64 (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-6.NASL
    description This update to MozillaFirefox 43.0.3 fixes the following issues : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature, in combination wit NSS 3.20.2 [boo#959888] Further fixes : - workaround Youtube user agent detection issue (bmo#1233970) - fix file download regression for multi user systems
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 87719
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87719
    title openSUSE Security Update : MozillaFirefox (openSUSE-2016-6) (SLOTH)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-46.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 96643
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96643
    title GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-105.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88536
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88536
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-105) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2884-1.NASL
    description Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 88516
    published 2016-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88516
    title Ubuntu 14.04 LTS / 15.04 / 15.10 : openjdk-7 vulnerabilities (USN-2884-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0390-1.NASL
    description This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937) : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0475: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed : - bsc#960402: resolve package conflicts in devel package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88692
    published 2016-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88692
    title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:0390-1) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-978.NASL
    description This update to mozilla-nss 3.20.2 fixes the following issues : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 87717
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87717
    title openSUSE Security Update : mozilla-nss (openSUSE-2015-978) (SLOTH)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2865-1.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87845
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87845
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gnutls26, gnutls28 vulnerability (USN-2865-1) (SLOTH)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JAN_2016_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components : - 2D - AWT - JAXP - JMX - Libraries - Networking - Security
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 88046
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88046
    title Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL02201365.NASL
    description A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshakes. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS Handshake, may be able to successfully generate a hash collision and impersonate a TLS client or server. The vulnerability of CVE-2015-7575 is relevant to cryptography software which supports TLS 1.2 only as earlier versions of TLS used different hash functionality in those protocols. (CVE-2015-7575)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 88703
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88703
    title F5 Networks BIG-IP : SLOTH: TLS 1.2 handshake vulnerability (K02201365) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160107_OPENSSL_ON_SL6_X.NASL
    description A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87841
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87841
    title Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0012.NASL
    description Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87785
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87785
    title CentOS 6 / 7 : gnutls (CESA-2016:0012) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-115.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88541
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88541
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-115) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-107.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88538
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88538
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-107) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3458.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88427
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88427
    title Debian DSA-3458-1 : openjdk-7 - security update (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3465.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88568
    published 2016-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88568
    title Debian DSA-3465-1 : openjdk-6 - security update (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0269-1.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88486
    published 2016-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88486
    title SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0269-1) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0053.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88072
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88072
    title RHEL 6 : java-1.7.0-openjdk (RHSA-2016:0053) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0056.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88075
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88075
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0056) (SLOTH)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-647.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Integer signedness issues were discovered in IndicRearrangementProcessor and IndicRearrangementProcessor2 in the ICU Layout Engine. A specially crafted font file could cause an application using ICU to parse untrusted fonts to crash and, possibly, execute arbitrary code. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) A flaw was found in the deserialization of the URL class in the Networking component of OpenJDK. Deserialization of the specially crafted data could result in creation of the URL object with an inconsistent state. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-0402) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) It was discovered that the RMIConnector and RMIConnectionImpl classes in the JMX component of OpenJDK could log sensitive information such as user passwords in its debug log, possibly leading the exposure of the information. (CVE-2016-0448)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 88659
    published 2016-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88659
    title Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-647) (SLOTH)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    description An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 88079
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88079
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64 (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-225.NASL
    description This update to 38.6.0 fixes the following issues : - MFSA 2016-01/CVE-2016-1930 Miscellaneous memory safety hazards - MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL after out of memory allocation
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88830
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88830
    title openSUSE Security Update : Thunderbird (openSUSE-2016-225) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0049.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88035
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88035
    title RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0049) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0049.NASL
    description From Red Hat Security Advisory 2016:0049 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 88031
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88031
    title Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2016-0049) (SLOTH)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_JAN_2016.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components : - 2D - AWT - JAXP - JMX - Libraries - Networking - Security
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 88045
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88045
    title Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0050.NASL
    description From Red Hat Security Advisory 2016:0050 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected. (CVE-2016-0475) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 88069
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88069
    title Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0050) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3437.NASL
    description Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. More information can be found at https://www.mitls.org/pages/attacks/SLOTH
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87828
    published 2016-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87828
    title Debian DSA-3437-1 : gnutls26 - security update (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0012.NASL
    description From Red Hat Security Advisory 2016:0012 : Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87799
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87799
    title Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012) (SLOTH)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0008.NASL
    description From Red Hat Security Advisory 2016:0008 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87795
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87795
    title Oracle Linux 6 / 7 : openssl (ELSA-2016-0008) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0008.NASL
    description Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 87808
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87808
    title RHEL 6 / 7 : openssl (RHSA-2016:0008) (SLOTH)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY16.NASL
    description The remote AIX host has a version of OpenSSL installed that is affected by a collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages during a TLS handshake. A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 88591
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88591
    title AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0008.NASL
    description Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87781
    published 2016-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87781
    title CentOS 6 / 7 : openssl (CESA-2016:0008) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-282.NASL
    description This update to bouncycastle 1.54 fixes the following issues : - CVE-2015-7575: add validation that signature algorithm received in DigitallySigned structures is actually one of those offered (boo#967521)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 89018
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89018
    title openSUSE Security Update : bouncycastle (openSUSE-2016-282) (SLOTH)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-661.NASL
    description A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN (CVE-2016-0800). Prior to this advisory, SSLv2 has been disabled by default in OpenSSL on the Amazon Linux AMI. However, application configurations may still re-enable SSLv2. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575 , Medium) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197 , Low) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702 , Low) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705 , Low) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797 , Low) The fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculated string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. (CVE-2016-0799 , Low) The doapr_outch function in crypto/bio/b_print.c in OpenSSL did not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. (CVE-2016-2842 , Low) '(Updated on 2016-04-28: CVE-2016-2842 was fixed as part of this update but was previously not listed in this advisory.)'
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 89842
    published 2016-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89842
    title Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0265-1.NASL
    description java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743) - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions The following bugs were fixed : - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move libjavagtk to full package Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88485
    published 2016-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88485
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0265-1) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0054.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88063
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88063
    title CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-110.NASL
    description Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes : - Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962, CVE-2016-0466: More general limits - S8137060: JMX memory management improvements - S8139012: Better font substitutions - S8139017, CVE-2016-0483: More stable image decoding - S8140543, CVE-2016-0494: Arrange font actions - S8143185: Cleanup for handling proxies - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH) - S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - Import of OpenJDK 7 u95 build 0 - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket. java failed with SocketTimeoutException - S8074068: Cleanup in src/share/classes/sun/security/x509/ - S8075773: jps running as root fails after the fix of JDK-8050807 - S8081297: SSL Problem with Tomcat - S8131181: Increment minor version of HSx for 7u95 and initialize the build number - S8132082: Let OracleUcrypto accept RSAPrivateKey - S8134605: Partial rework of the fix for 8081297 - S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing - S8138716: (tz) Support tzdata2015g - S8140244: Port fix of JDK-8075773 to MacOSX - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2 - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBui ld.java 8u71 failure - S8143132: L10n resource file translation update - S8144955: Wrong changes were pushed with 8143942 - S8145551: Test failed with Crash for Improved font lookups - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp - Backports - S8140244: Port fix of JDK-8075773 to AIX - S8133196, PR2712, RH1251935: HTTPS hostname invalid issue with InetAddress - S8140620, PR2710: Find and load default.sf2 as the default soundbank on Linux
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88540
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88540
    title openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0256-1.NASL
    description java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88453
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88453
    title SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:0256-1) (SLOTH)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0054.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483) An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494) It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466) A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 88073
    published 2016-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88073
    title RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0054) (SLOTH)
redhat via4
advisories
  • bugzilla
    id 1289841
    title CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment nss is earlier than 0:3.19.1-8.el6_7
            oval oval:com.redhat.rhsa:tst:20160007011
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862006
        • AND
          • comment nss-devel is earlier than 0:3.19.1-8.el6_7
            oval oval:com.redhat.rhsa:tst:20160007013
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862014
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.19.1-8.el6_7
            oval oval:com.redhat.rhsa:tst:20160007009
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862010
        • AND
          • comment nss-sysinit is earlier than 0:3.19.1-8.el6_7
            oval oval:com.redhat.rhsa:tst:20160007007
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862008
        • AND
          • comment nss-tools is earlier than 0:3.19.1-8.el6_7
            oval oval:com.redhat.rhsa:tst:20160007005
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862012
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment nss is earlier than 0:3.19.1-19.el7_2
            oval oval:com.redhat.rhsa:tst:20160007023
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862006
        • AND
          • comment nss-devel is earlier than 0:3.19.1-19.el7_2
            oval oval:com.redhat.rhsa:tst:20160007019
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862014
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.19.1-19.el7_2
            oval oval:com.redhat.rhsa:tst:20160007020
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862010
        • AND
          • comment nss-sysinit is earlier than 0:3.19.1-19.el7_2
            oval oval:com.redhat.rhsa:tst:20160007022
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862008
        • AND
          • comment nss-tools is earlier than 0:3.19.1-19.el7_2
            oval oval:com.redhat.rhsa:tst:20160007021
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100862012
    rhsa
    id RHSA-2016:0007
    released 2016-01-07
    severity Moderate
    title RHSA-2016:0007: nss security update (Moderate)
  • bugzilla
    id 1289841
    title CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment openssl is earlier than 0:1.0.1e-42.el6_7.2
            oval oval:com.redhat.rhsa:tst:20160008009
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888006
        • AND
          • comment openssl-devel is earlier than 0:1.0.1e-42.el6_7.2
            oval oval:com.redhat.rhsa:tst:20160008005
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888012
        • AND
          • comment openssl-perl is earlier than 0:1.0.1e-42.el6_7.2
            oval oval:com.redhat.rhsa:tst:20160008007
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888008
        • AND
          • comment openssl-static is earlier than 0:1.0.1e-42.el6_7.2
            oval oval:com.redhat.rhsa:tst:20160008011
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888010
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment openssl is earlier than 1:1.0.1e-51.el7_2.2
            oval oval:com.redhat.rhsa:tst:20160008019
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888006
        • AND
          • comment openssl-devel is earlier than 1:1.0.1e-51.el7_2.2
            oval oval:com.redhat.rhsa:tst:20160008017
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888012
        • AND
          • comment openssl-libs is earlier than 1:1.0.1e-51.el7_2.2
            oval oval:com.redhat.rhsa:tst:20160008020
          • comment openssl-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140679014
        • AND
          • comment openssl-perl is earlier than 1:1.0.1e-51.el7_2.2
            oval oval:com.redhat.rhsa:tst:20160008022
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888008
        • AND
          • comment openssl-static is earlier than 1:1.0.1e-51.el7_2.2
            oval oval:com.redhat.rhsa:tst:20160008018
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888010
    rhsa
    id RHSA-2016:0008
    released 2016-01-07
    severity Moderate
    title RHSA-2016:0008: openssl security update (Moderate)
  • bugzilla
    id 1289841
    title CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment gnutls is earlier than 0:2.8.5-19.el6_7
            oval oval:com.redhat.rhsa:tst:20160012005
          • comment gnutls is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429006
        • AND
          • comment gnutls-devel is earlier than 0:2.8.5-19.el6_7
            oval oval:com.redhat.rhsa:tst:20160012007
          • comment gnutls-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429010
        • AND
          • comment gnutls-guile is earlier than 0:2.8.5-19.el6_7
            oval oval:com.redhat.rhsa:tst:20160012011
          • comment gnutls-guile is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429012
        • AND
          • comment gnutls-utils is earlier than 0:2.8.5-19.el6_7
            oval oval:com.redhat.rhsa:tst:20160012009
          • comment gnutls-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429008
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment gnutls is earlier than 0:3.3.8-14.el7_2
            oval oval:com.redhat.rhsa:tst:20160012019
          • comment gnutls is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429006
        • AND
          • comment gnutls-c++ is earlier than 0:3.3.8-14.el7_2
            oval oval:com.redhat.rhsa:tst:20160012020
          • comment gnutls-c++ is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140684010
        • AND
          • comment gnutls-dane is earlier than 0:3.3.8-14.el7_2
            oval oval:com.redhat.rhsa:tst:20160012017
          • comment gnutls-dane is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140684008
        • AND
          • comment gnutls-devel is earlier than 0:3.3.8-14.el7_2
            oval oval:com.redhat.rhsa:tst:20160012023
          • comment gnutls-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429010
        • AND
          • comment gnutls-utils is earlier than 0:3.3.8-14.el7_2
            oval oval:com.redhat.rhsa:tst:20160012022
          • comment gnutls-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120429008
    rhsa
    id RHSA-2016:0012
    released 2016-01-07
    severity Moderate
    title RHSA-2016:0012: gnutls security update (Moderate)
  • rhsa
    id RHSA-2016:0049
  • rhsa
    id RHSA-2016:0050
  • rhsa
    id RHSA-2016:0053
  • rhsa
    id RHSA-2016:0054
  • rhsa
    id RHSA-2016:0055
  • rhsa
    id RHSA-2016:0056
  • rhsa
    id RHSA-2016:1430
rpms
  • nss-0:3.19.1-8.el6_7
  • nss-devel-0:3.19.1-8.el6_7
  • nss-pkcs11-devel-0:3.19.1-8.el6_7
  • nss-sysinit-0:3.19.1-8.el6_7
  • nss-tools-0:3.19.1-8.el6_7
  • nss-0:3.19.1-19.el7_2
  • nss-devel-0:3.19.1-19.el7_2
  • nss-pkcs11-devel-0:3.19.1-19.el7_2
  • nss-sysinit-0:3.19.1-19.el7_2
  • nss-tools-0:3.19.1-19.el7_2
  • openssl-0:1.0.1e-42.el6_7.2
  • openssl-devel-0:1.0.1e-42.el6_7.2
  • openssl-perl-0:1.0.1e-42.el6_7.2
  • openssl-static-0:1.0.1e-42.el6_7.2
  • openssl-1:1.0.1e-51.el7_2.2
  • openssl-devel-1:1.0.1e-51.el7_2.2
  • openssl-libs-1:1.0.1e-51.el7_2.2
  • openssl-perl-1:1.0.1e-51.el7_2.2
  • openssl-static-1:1.0.1e-51.el7_2.2
  • gnutls-0:2.8.5-19.el6_7
  • gnutls-devel-0:2.8.5-19.el6_7
  • gnutls-guile-0:2.8.5-19.el6_7
  • gnutls-utils-0:2.8.5-19.el6_7
  • gnutls-0:3.3.8-14.el7_2
  • gnutls-c++-0:3.3.8-14.el7_2
  • gnutls-dane-0:3.3.8-14.el7_2
  • gnutls-devel-0:3.3.8-14.el7_2
  • gnutls-utils-0:3.3.8-14.el7_2
  • java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.71-2.b15.el7_2
  • java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-demo-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-devel-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-headless-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-javadoc-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-src-1:1.8.0.71-1.b15.el6_7
  • java-1.8.0-openjdk-src-debug-1:1.8.0.71-1.b15.el6_7
  • java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7
  • java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.0.el6_7
  • java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.0.el6_7
  • java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.0.el6_7
  • java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.0.el6_7
  • java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-accessibility-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-demo-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-devel-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-headless-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-javadoc-1:1.7.0.95-2.6.4.0.el7_2
  • java-1.7.0-openjdk-src-1:1.7.0.95-2.6.4.0.el7_2
refmap via4
bid
  • 79684
  • 91787
confirm
debian
  • DSA-3436
  • DSA-3437
  • DSA-3457
  • DSA-3458
  • DSA-3465
  • DSA-3491
  • DSA-3688
gentoo
  • GLSA-201701-46
  • GLSA-201706-18
  • GLSA-201801-15
sectrack
  • 1034541
  • 1036467
suse
  • SUSE-SU-2016:0256
  • SUSE-SU-2016:0265
  • SUSE-SU-2016:0269
  • openSUSE-SU-2015:2405
  • openSUSE-SU-2016:0007
  • openSUSE-SU-2016:0161
  • openSUSE-SU-2016:0162
  • openSUSE-SU-2016:0263
  • openSUSE-SU-2016:0268
  • openSUSE-SU-2016:0270
  • openSUSE-SU-2016:0272
  • openSUSE-SU-2016:0279
  • openSUSE-SU-2016:0307
  • openSUSE-SU-2016:0308
  • openSUSE-SU-2016:0488
  • openSUSE-SU-2016:0605
ubuntu
  • USN-2863-1
  • USN-2864-1
  • USN-2865-1
  • USN-2866-1
  • USN-2884-1
  • USN-2904-1
Last major update 07-12-2016 - 13:24
Published 08-01-2016 - 21:59
Last modified 30-10-2018 - 12:27
Back to Top