ID CVE-2017-3738
Summary There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL 1.0.2 Beta 2
    cpe:2.3:a:openssl:openssl:1.0.2:beta2
  • OpenSSL 1.0.2 Beta 3
    cpe:2.3:a:openssl:openssl:1.0.2:beta3
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • OpenSSL OpenSSL 1.0.2d
    cpe:2.3:a:openssl:openssl:1.0.2d
  • OpenSSL 1.0.2e
    cpe:2.3:a:openssl:openssl:1.0.2e
  • OpenSSL 1.0.2f
    cpe:2.3:a:openssl:openssl:1.0.2f
  • OpenSSL Project 1.0.2g
    cpe:2.3:a:openssl:openssl:1.0.2g
  • OpenSSL 1.0.2h
    cpe:2.3:a:openssl:openssl:1.0.2h
  • OpenSSL Project OpenSSL 1.0.2i
    cpe:2.3:a:openssl:openssl:1.0.2i
  • OpenSSL1.0.2j
    cpe:2.3:a:openssl:openssl:1.0.2j
  • OpenSSL 1.0.2k
    cpe:2.3:a:openssl:openssl:1.0.2k
  • OpenSSL 1.0.2l
    cpe:2.3:a:openssl:openssl:1.0.2l
  • OpenSSL 1.0.2m
    cpe:2.3:a:openssl:openssl:1.0.2m
  • OpenSSL 1.1.0
    cpe:2.3:a:openssl:openssl:1.1.0
  • OpenSSL Project OpenSSL 1.1.0a
    cpe:2.3:a:openssl:openssl:1.1.0a
  • OpenSSL Project OpenSSL 1.1.0b
    cpe:2.3:a:openssl:openssl:1.1.0b
  • OpenSSL Project OpenSSL 1.1.0c
    cpe:2.3:a:openssl:openssl:1.1.0c
  • OpenSSL Project OpenSSL 1.1.0d
    cpe:2.3:a:openssl:openssl:1.1.0d
  • OpenSSL Project OpenSSL 1.1.0e
    cpe:2.3:a:openssl:openssl:1.1.0e
  • OpenSSL Project OpenSSL 1.1.0f
    cpe:2.3:a:openssl:openssl:1.1.0f
  • OpenSSL 1.1.0g
    cpe:2.3:a:openssl:openssl:1.1.0g
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL
    description Node.js reports : Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. Uninitialized buffer vulnerability - CVE-2017-15897 Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, 'This is not correctly encoded', 'hex');' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. Also included in OpenSSL update - CVE 2017-3738 Note that CVE 2017-3738 of OpenSSL-1.0.2 affected Node but it was low severity.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105259
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105259
    title FreeBSD : node.js -- Data Confidentiality/Integrity Vulnerability, December 2017 (bea84a7a-e0c9-11e7-b4f3-11baa0c2df21)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL
    description Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. [CVE-2017-3737] There is an overflow bug in the x86_64 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). [CVE-2017-3738] This bug only affects FreeBSD 11.x. Impact : Applications with incorrect error handling may inappropriately pass unencrypted data. [CVE-2017-3737] Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. No EC algorithms are affected and analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. [CVE-2017-3738]
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105141
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105141
    title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9f7a0f39-ddc0-11e7-b5af-a4badb2f4699)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180410_OPENSSL_ON_SL7_X.NASL
    description Security Fix(es) : - openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) - openssl: Read/write after SSL object in error state (CVE-2017-3737) - openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Additional Changes :
    last seen 2018-05-06
    modified 2018-05-01
    plugin id 109455
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109455
    title Scientific Linux Security Update : openssl on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-5.NASL
    description This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to release 4.8.7 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v4.8.7/ - https://nodejs.org/en/blog/release/v4.8.6/ - https://nodejs.org/en/blog/release/v4.8.5/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105638
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105638
    title openSUSE Security Update : nodejs4 (openSUSE-2018-5)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1381.NASL
    description This update for openssl fixes the following issues : - OpenSSL Security Advisory [07 Dec 2017] - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \'error state\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105341
    published 2017-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105341
    title openSUSE Security Update : openssl (openSUSE-2017-1381)
  • NASL family Misc.
    NASL id SECURITYCENTER_OPENSSL_1_0_2N.NASL
    description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 106563
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106563
    title Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201712-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201712-03 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information. Workaround : There are no known workarounds at this time.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105263
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105263
    title GLSA-201712-03 : OpenSSL: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4065.NASL
    description Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read() and SSL_write() while being invoked in an error state, causing data to be passed without being decrypted or encrypted directly from the SSL/TLS record layer. - CVE-2017-3738 It was discovered that OpenSSL contains an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171207.txt
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105329
    published 2017-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105329
    title Debian DSA-4065-1 : openssl1.0 - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL
    description The OpenSSL project reports : - Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. - rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).
    last seen 2018-04-27
    modified 2018-03-30
    plugin id 108681
    published 2018-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108681
    title FreeBSD : OpenSSL -- multiple vulnerabilities (b7cff5a9-31cc-11e8-8f07-b499baebfeaf)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1179.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). (CVE-2017-3738) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-11
    modified 2018-08-10
    plugin id 110843
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110843
    title EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1179)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2185.NASL
    description Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es) : * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
    last seen 2018-07-19
    modified 2018-07-18
    plugin id 111146
    published 2018-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111146
    title RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-342-01.NASL
    description New openssl packages are available for Slackware 14.2 and -current to fix security issues.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105113
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105113
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : openssl (SSA:2017-342-01)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-116.NASL
    description This update for nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to LTS release 6.12.2 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v6.12.2/ - https://nodejs.org/en/blog/release/v6.12.1/ - https://nodejs.org/en/blog/release/v6.12.0/ - https://nodejs.org/en/blog/release/v6.11.5/ - https://nodejs.org/en/blog/release/v6.11.4/ - https://nodejs.org/en/blog/release/v6.11.3/ - https://nodejs.org/en/blog/release/v6.11.2/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 106547
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106547
    title openSUSE Security Update : nodejs6 (openSUSE-2018-116)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0097-A.NASL
    description An update of 'openssl' packages of Photon OS has been released.
    last seen 2018-08-18
    modified 2018-08-17
    plugin id 111908
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111908
    title Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL
    description The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the April 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 109165
    published 2018-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109165
    title Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0010-A.NASL
    description An update of {'openssl'} packages of Photon OS has been released.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 111279
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111279
    title Photon OS 2.0 : openssl (PhotonOS-PHSA-2018-2.0-0010-(a))
  • NASL family Firewalls
    NASL id PFSENSE_SA-17_11.NASL
    description According to its self-reported version number, the remote pfSense install is a version 2.3.x prior to 2.3.5-p1 or 2.4.x prior to 2.4.2-p1. It is, therefore, affected by multiple vulnerabilities.
    last seen 2018-07-30
    modified 2018-07-25
    plugin id 106507
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106507
    title pfSense 2.3.x < 2.3.5-p1 / 2.4.x < 2.4.2-p1 Multiple Vulnerabilities (SA-17_10 / SA-17_11)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1004.NASL
    description bn_sqrx8x_internal carry bug on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) rsaz_1024_mul_avx2 overflow bug on x86_64 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701 . This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737) Read/write after SSL object in error state OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737)
    last seen 2018-04-28
    modified 2018-04-27
    plugin id 109364
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109364
    title Amazon Linux 2 : openssl (ALAS-2018-1004)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4157.NASL
    description Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. - CVE-2018-0739 It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt
    last seen 2018-04-27
    modified 2018-04-02
    plugin id 108730
    published 2018-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108730
    title Debian DSA-4157-1 : openssl - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1115.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). (CVE-2017-3738) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-11
    modified 2018-08-10
    plugin id 109513
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109513
    title EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1115)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3343-1.NASL
    description This update for openssl fixes the following issues : - OpenSSL Security Advisory [07 Dec 2017] - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \'error state\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 105353
    published 2017-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105353
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0998.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2018-04-28
    modified 2018-04-27
    plugin id 109379
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109379
    title CentOS 7 : openssl (CESA-2018:0998)
  • NASL family Misc.
    NASL id JUNIPER_NSM_JSA10851.NASL
    description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R14. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen 2018-07-13
    modified 2018-07-12
    plugin id 109406
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109406
    title Juniper NSM < 2012.2R14 OpenSSL Multiple Vulnerabilities (JSA10851)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL
    description The OpenSSL project reports : - Read/write after SSL object in error state (CVE-2017-3737) OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. - rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.
    last seen 2018-03-30
    modified 2018-03-30
    plugin id 105090
    published 2017-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105090
    title FreeBSD : OpenSSL -- multiple vulnerabilities (3bb451fc-db64-11e7-ac58-b499baebfeaf)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0053-1.NASL
    description The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) gcc7 : - Support for specific IBM Power9 processor instructions. - Support for specific IBM zSeries z14 processor instructions. - New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. gzip : - fix mishandling of leading zeros in the end-of-block code (bsc#1067891) libsolv : - Many fixes and improvements for cleandeps. - Always create dup rules for 'distupgrade' jobs. - Use recommends also for ordering packages. - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) - Expose solver_get_recommendations() in bindings. - Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations(). - Support 'without' and 'unless' dependencies. - Use same heuristic as upstream to determine source RPMs. - Fix memory leak in bindings. - Add pool_best_solvables() function. - Fix 64bit integer parsing from RPM headers. - Enable bzip2 and xz/lzma compression support. - Enable complex/rich dependencies on distributions with RPM 4.13+. libtool : - Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed. (bsc#1056381) libzypp : - Fix media handling in presence of a repo path prefix. (bsc#1062561) - Fix RepoProvideFile ignoring a repo path prefix. (bsc#1062561) - Remove unused legacy notify-message script. (bsc#1058783) - Support multiple product licenses in repomd. (fate#322276) - Propagate 'rpm --import' errors. (bsc#1057188) - Fix typos in zypp.conf. openssl : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) perl: Security issues for perl : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes for perl : - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround systemd : - unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995) - compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks. (bsc#1063249) - compat-rules: Allow to specify the generation number through the kernel command line. - scsi_id: Fixup prefix for pre-SPC inquiry reply. (bsc#1039099) - tmpfiles: Remove old ICE and X11 sockets at boot. - tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472) - pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on. - shared/machine-pool: Fix another mkfs.btrfs checking. (bsc#1053595) - shutdown: Fix incorrect fscanf() result check. - shutdown: Don't remount,ro network filesystems. (bsc#1035386) - shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641) - bash-completion: Add support for --now. (bsc#1053137) - Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152) - Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) timezone : - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. util-linux : - Allow unmounting of filesystems without calling stat() on the mount point, when '-c' is used. (bsc#1040968) - Fix an infinite loop, a crash and report the correct minimum and maximum frequencies in lscpu for some processors. (bsc#1055446) - Fix a lscpu failure on Sydney Amazon EC2 region. (bsc#1066500) - If multiple subvolumes are mounted, report the default subvolume. (bsc#1039276) velum : - Fix logout issue on DEX download page * page doesn't exist (bsc#1066611) - Handle invalid sessions more user friendly - Fix undesired minimum nodes alert blink (bsc#1066371) wicked : - A regression in wicked was causing the hostname not to be set correctly via DHCP in some cases (bsc#1057007,bsc#1050258) - Configure the interface MTU correctly even in cases where the interface was up already (bsc#1059292) - Don't abort the process that adds configures routes if one route fails (bsc#1036619) - Handle DHCP4 user-class ids properly (bsc#1045522) - ethtool: handle channels parameters (bsc#1043883) zypper : - Locale: Fix possible segmentation fault. (bsc#1064999) - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) - Unify '(add|modify)(repo|service)' property related arguments. - Fixed 'add' commands supporting to set only a subset of properties. - Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) - Fix missing package names in installation report. (bsc#1058695) - Differ between unsupported and packages with unknown support status. (bsc#1057634) - Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. (bsc#1047233) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 106092
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106092
    title SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0998.NASL
    description From Red Hat Security Advisory 2018:0998 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2018-04-26
    modified 2018-04-25
    plugin id 109112
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109112
    title Oracle Linux 7 : openssl (ELSA-2018-0998)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3512-1.NASL
    description David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 105173
    published 2017-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105173
    title Ubuntu 16.04 LTS / 17.04 / 17.10 : openssl vulnerabilities (USN-3512-1)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2N.NASL
    description According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2n. It is, therefore, affected by multiple vulnerabilities that allow potential recovery of private key information or failure to properly encrypt data.
    last seen 2018-07-18
    modified 2018-07-16
    plugin id 105291
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105291
    title OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id OPENSSL_1_1_0H.NASL
    description According to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0h. It is, therefore, affected by multiple vulnerabilities.
    last seen 2018-07-21
    modified 2018-07-17
    plugin id 105292
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105292
    title OpenSSL 1.1.0 < 1.1.0h AVX2 Montgomery Multiplication Private Key Derivation Weakness
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2186.NASL
    description Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es) : * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
    last seen 2018-07-19
    modified 2018-07-18
    plugin id 111147
    published 2018-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111147
    title RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1016.NASL
    description There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701 . This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.(CVE-2017-3738) OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.(CVE-2017-3737) There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.(CVE-2017-3736)
    last seen 2018-05-12
    modified 2018-05-11
    plugin id 109698
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109698
    title Amazon Linux AMI : openssl (ALAS-2018-1016)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0998.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2018-04-15
    modified 2018-04-13
    plugin id 108993
    published 2018-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108993
    title RHEL 7 : openssl (RHSA-2018:0998)
redhat via4
advisories
  • bugzilla
    id 1523510
    title CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment openssl is earlier than 1:1.0.2k-12.el7
          oval oval:com.redhat.rhsa:tst:20180998007
        • comment openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888006
      • AND
        • comment openssl-devel is earlier than 1:1.0.2k-12.el7
          oval oval:com.redhat.rhsa:tst:20180998013
        • comment openssl-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888012
      • AND
        • comment openssl-libs is earlier than 1:1.0.2k-12.el7
          oval oval:com.redhat.rhsa:tst:20180998009
        • comment openssl-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140679014
      • AND
        • comment openssl-perl is earlier than 1:1.0.2k-12.el7
          oval oval:com.redhat.rhsa:tst:20180998011
        • comment openssl-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888008
      • AND
        • comment openssl-static is earlier than 1:1.0.2k-12.el7
          oval oval:com.redhat.rhsa:tst:20180998005
        • comment openssl-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888010
    rhsa
    id RHSA-2018:0998
    released 2018-04-10
    severity Moderate
    title RHSA-2018:0998: openssl security and bug fix update (Moderate)
  • rhsa
    id RHSA-2018:2185
  • rhsa
    id RHSA-2018:2186
  • rhsa
    id RHSA-2018:2187
rpms
  • openssl-1:1.0.2k-12.el7
  • openssl-devel-1:1.0.2k-12.el7
  • openssl-libs-1:1.0.2k-12.el7
  • openssl-perl-1:1.0.2k-12.el7
  • openssl-static-1:1.0.2k-12.el7
refmap via4
bid 102118
confirm
debian
  • DSA-4065
  • DSA-4157
freebsd FreeBSD-SA-17:12
gentoo GLSA-201712-03
misc https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a
sectrack 1039978
Last major update 07-12-2017 - 11:29
Published 07-12-2017 - 11:29
Last modified 18-07-2018 - 21:29
Back to Top