Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2015-7575) (Multiple Advisories): openssl security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Oracle Linux: (CVE-2015-7575) (Multiple Advisories): openssl security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

01/08/2016

Created

07/25/2018

Added

03/22/2016

Modified

01/22/2020

Description

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Solution(s)

oracle-linux-upgrade-gnutls
oracle-linux-upgrade-gnutls-c
oracle-linux-upgrade-gnutls-dane
oracle-linux-upgrade-gnutls-devel
oracle-linux-upgrade-gnutls-guile
oracle-linux-upgrade-gnutls-utils
oracle-linux-upgrade-java-1-7-0-openjdk
oracle-linux-upgrade-java-1-7-0-openjdk-demo
oracle-linux-upgrade-java-1-7-0-openjdk-devel
oracle-linux-upgrade-java-1-7-0-openjdk-javadoc
oracle-linux-upgrade-java-1-7-0-openjdk-src
oracle-linux-upgrade-java-1-8-0-openjdk
oracle-linux-upgrade-java-1-8-0-openjdk-accessibility
oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-debug
oracle-linux-upgrade-java-1-8-0-openjdk-debug
oracle-linux-upgrade-java-1-8-0-openjdk-demo
oracle-linux-upgrade-java-1-8-0-openjdk-demo-debug
oracle-linux-upgrade-java-1-8-0-openjdk-devel
oracle-linux-upgrade-java-1-8-0-openjdk-devel-debug
oracle-linux-upgrade-java-1-8-0-openjdk-headless
oracle-linux-upgrade-java-1-8-0-openjdk-headless-debug
oracle-linux-upgrade-java-1-8-0-openjdk-javadoc
oracle-linux-upgrade-java-1-8-0-openjdk-javadoc-debug
oracle-linux-upgrade-java-1-8-0-openjdk-src
oracle-linux-upgrade-java-1-8-0-openjdk-src-debug
oracle-linux-upgrade-openssl
oracle-linux-upgrade-openssl-devel
oracle-linux-upgrade-openssl-perl
oracle-linux-upgrade-openssl-static

References

ELSA-2016-0996
SUSE-SU-2016:0256
SUSE-SU-2016:0265
SUSE-SU-2016:0269
RHSA-2016:0049
RHSA-2016:0050
RHSA-2016:0053
RHSA-2016:0054
RHSA-2016:0055
RHSA-2016:0056
RHSA-2016:1430
DLA-410-1
DSA-3436
DSA-3437
DSA-3457
DSA-3458
DSA-3465
DSA-3491
DSA-3688
79684
91787
1034541
1036467
USN-2863-1
USN-2864-1
USN-2865-1
USN-2866-1
USN-2884-1
USN-2904-1
GLSA-201701-46
GLSA-201706-18
GLSA-201801-15
CVE-2015-7575

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2015-7575) (Multiple Advisories): openssl security update

Oracle Linux: (CVE-2015-7575) (Multiple Advisories): openssl security update

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.