ALT-PU-2019-2844-1
Package mysql-workbench-community updated to version 8.0.17-alt1 for branch sisyphus in task 238945.
Closed vulnerabilities
BDU:2019-00985
Уязвимость функции SSL_shutdown средства криптографической защиты OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
- openSUSE-SU-2019:1076
- openSUSE-SU-2019:1076
- openSUSE-SU-2019:1105
- openSUSE-SU-2019:1105
- openSUSE-SU-2019:1173
- openSUSE-SU-2019:1173
- openSUSE-SU-2019:1175
- openSUSE-SU-2019:1175
- openSUSE-SU-2019:1432
- openSUSE-SU-2019:1432
- openSUSE-SU-2019:1637
- openSUSE-SU-2019:1637
- 107174
- 107174
- RHSA-2019:2304
- RHSA-2019:2304
- RHSA-2019:2437
- RHSA-2019:2437
- RHSA-2019:2439
- RHSA-2019:2439
- RHSA-2019:2471
- RHSA-2019:2471
- RHSA-2019:3929
- RHSA-2019:3929
- RHSA-2019:3931
- RHSA-2019:3931
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
- https://kc.mcafee.com/corporate/index?page=content&id=SB10282
- https://kc.mcafee.com/corporate/index?page=content&id=SB10282
- [debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update
- [debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update
- FEDORA-2019-db06efdea1
- FEDORA-2019-db06efdea1
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-00c25b9379
- FEDORA-2019-00c25b9379
- GLSA-201903-10
- GLSA-201903-10
- https://security.netapp.com/advisory/ntap-20190301-0001/
- https://security.netapp.com/advisory/ntap-20190301-0001/
- https://security.netapp.com/advisory/ntap-20190301-0002/
- https://security.netapp.com/advisory/ntap-20190301-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://support.f5.com/csp/article/K18549143
- https://support.f5.com/csp/article/K18549143
- https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS
- USN-3899-1
- USN-3899-1
- USN-4376-2
- USN-4376-2
- DSA-4400
- DSA-4400
- https://www.openssl.org/news/secadv/20190226.txt
- https://www.openssl.org/news/secadv/20190226.txt
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.tenable.com/security/tns-2019-02
- https://www.tenable.com/security/tns-2019-02
- https://www.tenable.com/security/tns-2019-03
- https://www.tenable.com/security/tns-2019-03
Closed bugs
Ошибка миграции базы данных