807 matches found
Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)
Summary: GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details: CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...
Medium: openssl11
Issue Overview: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that...
Inconsistency Between Implementation And Documented Design
nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability is due to the generateKeys API function returned from crypto.createDiffieHellman only generating missing or outdated keys. This discrepancy between the documented and actual behavior of the API allows ...
SUSE-SU-2023:4593-1 Security update for compat-openssl098
This update for compat-openssl098 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service bsc1216922...
SUSE-SU-2023:4524-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service bsc1216922...
Oracle Linux 8 : tang (ELSA-2023-7022)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-7022 advisory. 7-8 - Set correct user/group tang/tang in tangd-keygen Resolves: rhbz2188743 7-7 - Fix race condition when creating/rotating keys Resolves: rhbz2182410 Resolves...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Tang vulnerability (USN-6489-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6489-1 advisory. Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly...
SUSE CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
The vulnerability of the implementation of the HMAC (Hash-based Message Authentication Code) algorithm in Windows operating systems allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of the HMAC (Hash-based Message Authentication Code) algorithm implementation in Windows operating systems is related to deficiencies in access control during key generation. Exploiting this vulnerability can allow attackers to circumvent security restrictions and enhance their...
OESA-2023-1821 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact...
Oracle Linux 9 : tang (ELSA-2023-6492)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6492 advisory. 14-2 - Fix service start up 14-1 - New upstream release - v14. Resolves: rhbz2182411 Resolves: CVE-2023-1672 Tenable has extracted the preceding description blo...
tang: Race condition exists in the key generation and rotation functionality
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
CentOS 8 : tang (CESA-2023:7022)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:7022 advisory. - A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys...
ALSA-2023:7022 Moderate: tang security and bug fix update
Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption (NBDE) project. Security Fixes: tang: Race condition exists in the key...
CVE-2023-5678
A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the R...
SUSE CVE-2023-5678
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use...
tang: Race condition exists in the key generation and rotation functionality
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
Moderate: tang security update
Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption (NBDE) project. Security Fixes: tang: Race condition exists in the key...
Debian dla-3648 : tang - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3648 advisory. Debian LTS Advisory DLA-3648-1 https://www.debian.org/lts/security/...
RHEL 9 : tang (RHSA-2023:6492)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6492 advisory. Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service...