SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4266-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4266-1 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...

Amazon Linux 2022 : sendmail, sendmail-cf, sendmail-milter (ALAS2022-2022-171)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-171 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

Ubuntu 22.04 LTS : nginx vulnerability (USN-5371-2)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5371-2 advisory. USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Tenable has extracted the preceding...

Vulnerability discovered in TLS implementations

Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...