CVE-2019-1563 - Information Exposure Through Discrepancy vulnerability in OpenSSL

CVSS 3.7 - LOW
  • Attack vector: NETWORK
  • Attack complexity: HIGH
  • Privileges required: NONE
  • Confidentiality impact: LOW
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, high complexity, openssl, CWE-203, nessus

Summary

Where an attacker receives automated notification of the success or failure of a decryption attempt, the attacker can, after sending a very large number of messages to be decrypted, recover a CMS/PKCS7 transported encryption key or decrypt any RSA-encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they pass a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2430.NASL
    description: According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on
    last seen: 2020-05-08
    modified: 2019-12-04
    plugin id: 131584
    published: 2019-12-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131584
    title: EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131584);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-0734",
        "CVE-2018-5407",
        "CVE-2019-1547",
        "CVE-2019-1563"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the openssl110f packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The OpenSSL DSA signature algorithm has been shown to
        be vulnerable to a timing side channel attack. An
        attacker could use variations in the signing algorithm
        to recover the private key. Fixed in OpenSSL 1.1.1a
        (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected
        1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected
        1.0.2-1.0.2p).(CVE-2018-0734)
    
      - Simultaneous Multi-threading (SMT) in processors can
        enable local users to exploit software vulnerable to
        timing attacks via a side-channel timing attack on
        'port contention'.(CVE-2018-5407)
    
      - Normally in OpenSSL EC groups always have a co-factor
        present and this is used in side channel resistant code
        paths. However, in some cases, it is possible to
        construct a group using explicit parameters (instead of
        using a named curve). In those cases it is possible
        that such a group does not have the cofactor present.
        This can occur even where all the parameters match a
        known named curve. If such a curve is used then OpenSSL
        falls back to non-side channel resistant code paths
        which may result in full key recovery during an ECDSA
        signature operation. In order to be vulnerable an
        attacker would have to have the ability to time the
        creation of a large number of signatures where explicit
        parameters with no co-factor present are in use by an
        application using libcrypto. For the avoidance of doubt
        libssl is not vulnerable because explicit parameters
        are never used. Fixed in OpenSSL 1.1.1d (Affected
        1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
        1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
        1.0.2-1.0.2s).(CVE-2019-1547)
    
      - In situations where an attacker receives automated
        notification of the success or failure of a decryption
        attempt an attacker, after sending a very large number
        of messages to be decrypted, can recover a CMS/PKCS7
        transported encryption key or decrypt any RSA encrypted
        message that was encrypted with the public RSA key,
        using a Bleichenbacher padding oracle attack.
        Applications are not affected if they use a certificate
        together with the private RSA key to the CMS_decrypt or
        PKCS7_decrypt functions to select the correct recipient
        info to decrypt. Fixed in OpenSSL 1.1.1d (Affected
        1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
        1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
        1.0.2-1.0.2s).(CVE-2019-1563)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2430
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c75fc767");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openssl110f packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1563");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["openssl110f-1.1.0f-5.h11",
            "openssl110f-devel-1.1.0f-5.h11",
            "openssl110f-libs-1.1.0f-5.h11"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl110f");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4376-1.NASL
    description: Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-06
    modified: 2020-05-29
    plugin id: 136967
    published: 2020-05-29
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136967
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : openssl vulnerabilities (USN-4376-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4376-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136967);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1563");
      script_xref(name:"USN", value:"4376-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : openssl vulnerabilities (USN-4376-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Iaroslav
    Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that
    OpenSSL incorrectly handled ECDSA signatures. An attacker could
    possibly use this issue to perform a timing side-channel attack and
    recover private ECDSA keys. (CVE-2019-1547)
    
    Matt Caswell discovered that OpenSSL incorrectly handled the random
    number generator (RNG). This may result in applications that use the
    fork() system call sharing the same RNG state between the parent and
    the child, contrary to expectations. This issue only affected Ubuntu
    18.04 LTS and Ubuntu 19.10. (CVE-2019-1549)
    
    Guido Vranken discovered that OpenSSL incorrectly performed the x86_64
    Montgomery squaring procedure. While unlikely, a remote attacker could
    possibly use this issue to recover private keys. (CVE-2019-1551)
    
    Bernd Edlinger discovered that OpenSSL incorrectly handled certain
    decryption functions. In certain scenarios, a remote attacker could
    possibly use this issue to perform a padding oracle attack and decrypt
    traffic. (CVE-2019-1563).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4376-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libssl1.0.0 and / or libssl1.1 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libssl1.0.0", pkgver:"1.0.2g-1ubuntu4.16")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libssl1.1", pkgver:"1.1.1-1ubuntu2.1~18.04.6")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libssl1.1", pkgver:"1.1.1c-1ubuntu4.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl1.0.0 / libssl1.1");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2254.NASL
    description: According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-11-08
    plugin id: 130716
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130716
    title: EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2403-1.NASL
    description: This update for openssl-1_1 fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129047
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129047
    title: SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:2403-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-D51641F152.NASL
    description: Minor update release 1.1.1d with low impact security fixes. ---- Fix for TLS non-compliance causing server interoperability problems with golang TLS client. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129513
    published: 2019-10-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129513
    title: Fedora 29 : 1:openssl (2019-d51641f152)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4540.NASL
    description: Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129507
    published: 2019-10-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129507
    title: Debian DSA-4540-1 : openssl1.0 - security update
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1221.NASL
    description: According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1563) - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1547) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen: 2020-03-19
    modified: 2020-03-13
    plugin id: 134510
    published: 2020-03-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134510
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1221)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2464.NASL
    description: According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1563) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen: 2020-05-08
    modified: 2019-12-04
    plugin id: 131617
    published: 2019-12-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131617
    title: EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-2464)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-2_0-0177_OPENSSL.NASL
    description: An update of the openssl package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129692
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129692
    title: Photon OS 2.0: Openssl PHSA-2019-2.0-0177
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-3_0-0032_OPENSSL.NASL
    description: An update of the openssl package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130113
    published: 2019-10-22
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130113
    title: Photon OS 3.0: Openssl PHSA-2019-3.0-0032
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1061.NASL
    description: According to the versions of the compat-openssl10 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fix(es):OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132815
    published: 2020-01-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132815
    title: EulerOS Virtualization for ARM 64 3.0.5.0 : compat-openssl10 (EulerOS-SA-2020-1061)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2098.NASL
    description: According to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. (CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen: 2020-05-03
    modified: 2019-11-12
    plugin id: 130807
    published: 2019-11-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130807
    title: EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2019-2098)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4539.NASL
    descriptionThree security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in the event of a fork() syscall was not used by default.
    last seen2020-06-01
    modified2020-06-02
    plugin id129506
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129506
    titleDebian DSA-4539-1 : openssl - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1932.NASL
    descriptionTwo security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. CVE-2019-1563 In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id129362
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129362
    titleDebian DLA-1932-1 : openssl security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D15AAC6C4E.NASL
    descriptionMinor update release 1.1.1d with low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129327
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129327
    titleFedora 30 : 1:openssl (2019-d15aac6c4e)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2218.NASL
    descriptionAccording to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130680
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130680
    titleEulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2410-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129153
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129153
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:2410-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2397-1.NASL
    descriptionThis update for openssl fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed a Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129044
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129044
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2019:2397-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2269.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129670
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129670
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2019-2269)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2189.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129380
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129380
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-2189)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1344.NASL
    descriptionIn situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1563)
    last seen2020-03-17
    modified2020-02-24
    plugin id133870
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133870
    titleAmazon Linux AMI : openssl (ALAS-2020-1344)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2268.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129669
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129669
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2019-2268)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1406.NASL
    descriptionNormally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1547) In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1563)
    last seen2020-03-30
    modified2020-03-26
    plugin id134897
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134897
    titleAmazon Linux 2 : openssl (ALAS-2020-1406)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-254-03.NASL
    descriptionNew openssl packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128751
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128751
    titleSlackware 14.2 / current : openssl (SSA:2019-254-03)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2561-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129676
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129676
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:2561-1)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JAN_2020_CPU.NASL
    descriptionThe version of Oracle Secure Global Desktop installed on the remote host is missing a security patch from the January 2020 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Core (Apache Axis) component. An unauthenticated, adjacent attacker can exploit this issue, to execute arbitrary commands. (CVE-2019-0227) - A cross-site scripting vulnerability exists in the Web Server (Apache HTTPD Server) component. An unauthenticated, remote attacker can exploit this issue via causing the link on the mod_proxy error page to be malformed and point to a page of the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id133042
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133042
    titleOracle Secure Global Desktop Multiple Vulnerabilities (January 2020 CPU)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1337.NASL
    descriptionThe remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1337 advisory. - httpd: memory corruption on early pushes (CVE-2019-10081) - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082) - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092) - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097) - httpd: mod_rewrite potential open redirect (CVE-2019-10098) - openssl: side-channel weak encryption vulnerability (CVE-2019-1547) - openssl: information disclosure in fork() (CVE-2019-1549) - openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-06
    plugin id135235
    published2020-04-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135235
    titleRHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2097.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. (CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) - OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. 
A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all.(CVE-2019-1549) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen2020-05-03
    modified2019-11-12
    plugin id130806
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130806
    titleEulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-2097)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2158.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129281
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129281
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-2158)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0099-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809). CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247). CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). Bug fixes : Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277). Update to 1.1.1d (bsc#1133925, jsc#SLE-6430). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-15
    plugin id132926
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132926
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2020:0099-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2504-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129528
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129528
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2019:2504-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0252_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id129786
    published2019-10-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129786
    titlePhoton OS 1.0: Openssl PHSA-2019-1.0-0252
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2413-1.NASL
    descriptionThis update for openssl fixes the following issues : OpenSSL Security Advisory [10 September 2019] CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129155
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129155
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2019:2413-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2216.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. 
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen2020-05-08
    modified2019-11-08
    plugin id130678
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130678
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2216)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2264.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130726
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130726
    titleEulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2264)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1063.NASL
    description: According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities:
      - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1563)
      - OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). (CVE-2019-1549)
      - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1547)
      - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen: 2020-05-09
    modified: 2020-01-13
    plugin id: 132817
    published: 2020-01-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132817
    title: EulerOS Virtualization for ARM 64 3.0.5.0 : openssl (EulerOS-SA-2020-1063)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2558-1.NASL
    description: This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory [10 September 2019]
      - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
      - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250).
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129674
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129674
    title: SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2019:2558-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0255_OPENSSL.NASL
    description: An update of the openssl package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129684
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129684
    title: Photon OS 1.0: Openssl PHSA-2019-1.0-0255
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1274.NASL
    description: According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
      - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1563)
      - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). (CVE-2019-1547)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-26
    modified: 2020-03-20
    plugin id: 134740
    published: 2020-03-20
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134740
    title: EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201911-04.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201911-04 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130636
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130636
    title: GLSA-201911-04 : OpenSSL: Multiple vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-9AB7EE6309.NASL
    description: Minor update release 1.1.1d with low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129635
    published: 2019-10-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129635
    title: Fedora 31 : 1:openssl (2019-9ab7ee6309)

Redhat

advisories
bugzilla
id: 1793984
title: [RHEL 8][s390x] Restore modified SIGILL signal handler during libcrypto library initialisation
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 8 is installed
      oval: oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment: openssl-debugsource is earlier than 1:1.1.1c-15.el8
          oval: oval:com.redhat.rhsa:tst:20201840001
        • comment: openssl-debugsource is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20193700004
      • AND
        • comment: openssl-perl is earlier than 1:1.1.1c-15.el8
          oval: oval:com.redhat.rhsa:tst:20201840003
        • comment: openssl-perl is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20171929004
      • AND
        • comment: openssl-libs is earlier than 1:1.1.1c-15.el8
          oval: oval:com.redhat.rhsa:tst:20201840005
        • comment: openssl-libs is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20171929010
      • AND
        • comment: openssl-devel is earlier than 1:1.1.1c-15.el8
          oval: oval:com.redhat.rhsa:tst:20201840007
        • comment: openssl-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20171929002
      • AND
        • comment: openssl is earlier than 1:1.1.1c-15.el8
          oval: oval:com.redhat.rhsa:tst:20201840009
        • comment: openssl is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20171929008
rhsa
id: RHSA-2020:1840
released: 2020-04-28
severity: Moderate
title: RHSA-2020:1840: openssl security and bug fix update (Moderate)
rpms
  • jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7
  • jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7
  • openssl-1:1.1.1c-15.el8
  • openssl-debuginfo-1:1.1.1c-15.el8
  • openssl-debugsource-1:1.1.1c-15.el8
  • openssl-devel-1:1.1.1c-15.el8
  • openssl-libs-1:1.1.1c-15.el8
  • openssl-libs-debuginfo-1:1.1.1c-15.el8
  • openssl-perl-1:1.1.1c-15.el8

References