Security update for openssl-1_1 (moderate)

openSUSE Security Update: Security update for openssl-11 Announcement ID: openSUSE-SU-2019:0152-1 Rating: moderate References: 1117951 1118913 Cross-References: CVE-2018-0737 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now available...

SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:0197-1)

This update for openssl-11 fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 Fix FIPS RSA generator bsc1118913 Note that Tenable Network Security has extracted the preceding description block directly from the...

SUSE-SU-2019:0197-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - Fix FIPS RSA generator bsc1118913...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Meltdown and Spectre

Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We...

nettle: Information disclosure

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was found that nettle’s RSA and DSA...

MGASA-2016-0093 Updated openssl packages fix security vulnerabilities

Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...

Loxone Smart Home HTTP Answer Splitting Vulnerability

Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from an HTTP Answer Splitting vulnerability that allows attackers to conduct HTTP Answer Splitting attacks that can lead to caching...

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...