CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.

Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.

Expand Up

@@ -499,7 +499,7 @@ bool SSLSocket::setupCrypto(SSLSocket \*session /\* = NULL \*/) {

break;

case CryptoMethod::ClientTLS:

m\_data->m\_client = true;

smethod = TLSv1\_client\_method();

smethod = TLS\_client\_method();

break;

case CryptoMethod::ServerSSLv23:

m\_data->m\_client = false;

Expand Down Expand Up

@@ -542,7 +542,7 @@ bool SSLSocket::setupCrypto(SSLSocket \*session /\* = NULL \*/) {

  

case CryptoMethod::ServerTLS:

m\_data->m\_client = false;

smethod = TLSv1\_server\_method();

smethod = TLS\_server\_method();

break;

default:

return false;

Expand Down

Headline

CVE-2022-36937: [security] Disable TLS 1.0 in stream extension URLs · facebook/hhvm@083f5ff

CVE: Latest News