[SECURITY] Fedora 27 Update: bouncycastle-1.59-1.fc27

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8...

Security Bulletin: Arcfour vulnerability issue in IBM Storwize V7000 Unified

Summary IBM Storwize V7000 Unified was shipped with Arcfour which uses weak client-to-server encryption algorithms, for which fix is available. Vulnerability Details CVEID: CVE-2017-1375 DESCRIPTION: IBM System Storage Storwize V7000 Unified V7000U uses weaker than expected cryptographic algorith...

Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring

Summary The following security issues have been identified in the GSKit component included as part of the IBM Tivoil Monitoring product. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: GSKit V7 may disclose side channel information via discrepencies between valid and invalid PKCS1 padding...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for Hyper-V. IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V has addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Server

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager Server. The IBM Spectrum Protect Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for VMware. IBM Spectrum Protect for Virtual Environments: Data Protection for VMware has addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities has been addressed in the GSKit component of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be...

Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities

Summary IBM FileNet Image Services has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...

Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities

Summary eDiscovery Manager has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Details of the vulnerabilities is mentioned below. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private...

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2016-5582 DESCRIPTION: A flaw in the Hotspot JIT compiler allows an attacker to disable the security manager and execute arbitrary code...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Service Tester (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Service Tester. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: IBM Security Network Protection is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447 have been discovered in GSKit used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is...

Security Bulletin: IBM Security Access Manager Appliance is affected by an encryption vulnerability (CVE-2017-1473)

Summary IBM Security Access Manager Appliance has addressed the following weak encryption vulnerability. Vulnerability Details CVEID: CVE-2017-1473 DESCRIPTION: IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

Security Bulletin: IBM Security Key Lifecycle Manager uses broken or risky cryptographic algorithm (CVE-2017-1664)

Summary IBM Security Key Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2017-1664 DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses weaker than expected cryptographic...

Security Bulletin: IBM Security Key Lifecycle Manager uses indeaquate encryption strength algorithms (CVE-2017-1665)

Summary IBM Security Key Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2017-1665 DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses weaker than expected cryptographic...

Security Bulletin: Multiple Security vulnerabilities fixed in IBM Security Privileged Identity Manager

Summary There are multiple Security vulnerabilities that are fixed in the IBM Security Privileged Identity Manager Vulnerability Details CVEID: CVE-2016-5957 DESCRIPTION: IBM Security Privileged Identity Manager uses weaker than expected cryptographic algorithms that could allow an attacker to...

Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)

Summary The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Outdated/broken algorithms are MD4, MD5, SHA1, DES, ECB, RC4, Export ciphers, SSLv2, SSLv3, DH using keys less than 1024 Vulnerability Details CVEID: CVE-2016-2879...

Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161)

Summary CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities have been discovered in OpenSSH used with IBM Security Network Protection. These vulnerabilities have been addressed in the firmware versions below. Vulnerability Details CVEID: CVE-2008-5161 DESCRIPTION: OpenSSH and multiple S...

Security Bulletin: IBM Security Access Manager for Web appliances has some weak SSH MAC Algorithms enabled (CVE-2015-5012)

Summary IBM Security Access Manager for Web appliance enables some SSH MAC Algorithms that only provide weak security, which could leave sensitive information vulnerable to decryption. Vulnerability Details CVEID: CVE-2015-5012 DESCRIPTION: IBM Security Access Manager for Web could provide weaker...

Satellite Tracking Application: Gpredict

Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots radar view. Gpredict can also predict the time of future passes for a satellite, and provide you...