306 matches found
RHEL 6 : openssl (RHSA-2015:0715)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0715 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a...
[SECURITY] Fedora 21 Update: libgcrypt-1.6.3-1.fc21
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
[SECURITY] Fedora 22 Update: libgcrypt-1.6.3-1.fc22
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Google Releases End-To-End Chrome Extension to Open Source
Google yesterday announced that it has released the source code for its End-to-End extension for Chrome to open source via GitHub. End-to-End enables Gmail users to encrypt, sign and verify email messages within the Chrome browser, using OpenPGP. “We’ve always believed strongly that End-To-End mu...
USN-2339-2: Libgcrypt vulnerability
Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys...
Early Review of LibreSSL Finds Problematic PRNG
When the OpenBSD foundation sent LibreSSL out the door last weekend, it was with the full intention of getting some feedback and scrutiny in return, all in the name of making the crypto library stable and secure. What they likely didn’t expect were claims surfacing that LibreSSL shared some of th...
[SECURITY] Fedora 19 Update: botan-1.8.14-3.fc19
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
GnuTLS Bug Exposes Shortcomings in TLS Test Suites
Code audits are often ugly tasks and can sometimes find ugly things. Case in point: the GnuTLS goto bug. Chief architect and Red Hat engineer Nikos Mavrogiannopoulos initiated a code audit of the open source crypto library that eventually turned up last week’s critical bug. The bad code has been...
[SECURITY] [DSA 2858-1] iceweasel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2858-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 10, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2858-1 (iceweasel - several vulnerabilities)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or...
DSA-2858-1 iceweasel - several
Bulletin has no description...
Debian: Security Advisory (DSA-2858-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Facebook Conceal Java Crypto LIbrary Open Sourced
Facebook has released to open source its Conceal Java crypto libraries for Android devices. Conceal, according to Facebook, offers developers a lightweight and efficient crypto library. The social media giant developed Conceal to handle encryption of storage on removable SD cards, something that...
RSA Denies NSA Backdoor Payment Allegations, But Questions Linger
The accumulation of hundreds of leaked documents and formerly secret operational methods used by the NSA in the last six months has led to a bit of a numbing effect, with some new leaks being met with a shrug of indifference. But the latest and most explosive entry in that ledger–the report that...
[SECURITY] Fedora 19 Update: libgcrypt-1.5.3-1.fc19
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)
Updated openvpn package fixes security vulnerability : OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementati...
PYSEC-2012-16
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...
CVE-2011-0766
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys...
Vulnerability In Crypto Library - Cisco Systems
"A vulnerability has been discovered in a third-party cryptographic library that is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One ASN.1 object is parsed. Due to the nature of the vulnerability it may be possible, in some case...
VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...