4231 matches found
openSUSE Security Update : openssh (openSUSE-2017-1351)
This update for openssh fixes the following issues : Security issue fixed : - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes : - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166...
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:3230-1)
This update for openssh fixes the following issues: Security issue fixed : - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes : - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166....
SUSE-SU-2017:3230-1 Security update for openssh
This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes: - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166. -...
DUHK Attack Exposes Gaps in FIPS Certification
Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack Don’t Use Hardcoded Keys, isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementatio...
DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...
Important: Red Hat Security Advisory: rh-mysql57-mysql security and bug fix update
An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Oracle Linux 7 : openssh (ELSA-2017-2029)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2029 advisory. 7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless...
openssh security, bug fix, and enhancement update
7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless syscalls for s390 crypto modules 1451809 7.4p1-8 + 0.10.3-1 - Fix multilib issue in documentation 1450361 7.4p1-6 + 0.10.3-1 - ControlPath too long...
SUSE-SU-2017:1718-1 Security update for openvpn-openssl1
This update for openvpn-openssl1 fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on th...
System Integrity Management Platform: SIMP
System Integrity Management Platform The System Integrity Management Platform SIMP is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding...
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosOverviewMatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit SDK that is geared towards application in Internet of Things IOT devices and other embedded systems. It features low resource overhead a...
SUSE-SU-2017:1608-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. bsc1042326 - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...
SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2017:0951-1)
This update for dracut fixes the following issues: Security issues fixed : - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. bsc100834...
openSUSE Security Update : openssl (openSUSE-2017-256)
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7055: The x8664 optimized montgomery multiplication may produce incorrect results bsc1009528 - CVE-2017-3731: Truncated packet could crash via OO...
Riverbed RiOS Insecure Cryptographic Storage
Riverbed RiOS insecure cryptographic storage CVE-2017-5670 Description Riverbed Steelhead hardware appliances are used to optimize and accelerate network traffic. There can be implemented as TLS endpoints, so they have a secure vault aimed to store private TLS certificates for servers. The secure...
NIST Calls for Submissions to Secure Data Against Quantum Computing
For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...
DUHK Attack against Fortinet Products
When devices use ANSI X9.31 RNG which was removed from the list of FIPS-approved random number generation algorithms in January 2016 to generate cryptographic key under a static seed and under use with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1028)
This update for MozillaFirefox, mozilla-nss fixes the following issues : Changes in MozillaFirefox : - Mozilla Firefox 48.0.1 : - Fixed an audio regression impacting some major websites bmo1295296 - Fix a top crash in the JavaScript engine bmo1290469 - Fix a startup crash issue caused by Websense...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...