Tag: CVE

Update and Patch OpenSSL on Ubuntu for the CCS Injection Vulnerability

What is OpenSSL? OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more. What is “the CCS Injection Vulnerability”? The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)”…

Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability

What is OpenSSL? OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more. What is “the CCS Injection Vulnerability”? The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)”…

Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Overview: VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms. Impact: Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can…

Information on CVE-2015-5154

Overview: Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms. Impact: Specifically a flaw with how QEMU’s IDE subsystem handles buffer access while processing certain ATAPI commands,…

Update and Patch OpenSSL for Heartbleed Vulnerability

What is OpenSSL? OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more. What is “the Heartbleed Bug”? The Heartbleed Bug is a severe vulnerability in OpenSSL, known formally as “TLS heartbeat read overrun (CVE-2014-0160)”. As of April…