RHEL 8 : nss and nspr (RHSA-2020:3280)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3280 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

PyCrypto: Weak key generation

Background PyCrypto is the Python Cryptography Toolkit. Description It was discovered that PyCrypto incorrectly generated ElGamal key parameters. Impact Attackers may be able to obtain sensitive information by reading ciphertext data. Workaround There is no known workaround at this time. Resoluti...

openSUSE Security Update : mozilla-nss (openSUSE-2020-953)

This update for mozilla-nss fixes the following issues : mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation bsc1173032 - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:1017-1 Rating: important References: 1166238 1173576 1173613 Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421...

Mozilla Thunderbird < 78.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-29 advisory. - Mozilla developers and community members Bob Clary, Benjamin Bouvier, Calixte Denizet, Christian Holler...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:0983-1 Rating: important References: 1166238 1173576 1173613 Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421...

openSUSE: Security Advisory for mozilla-nss (openSUSE-SU-2020:0955-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:0955-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation bsc1173032 - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony...

SUSE-SU-2020:1899-1 Security update for MozillaFirefox

This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing bsc1173576. - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster bsc1173576. - CVE-2020-12417: Memor...

Security update for mozilla-nss (moderate)

openSUSE Security Update: Security update for mozilla-nss Announcement ID: openSUSE-SU-2020:0955-1 Rating: moderate References: 1168669 1173032 Cross-References: CVE-2020-12402 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available...

Security update for mozilla-nss (moderate)

openSUSE Security Update: Security update for mozilla-nss Announcement ID: openSUSE-SU-2020:0953-1 Rating: moderate References: 1168669 1173032 Cross-References: CVE-2020-12402 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...

CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

DEBIAN-CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

DEBIAN-CVE-2020-13132

An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...

UBUNTU-CVE-2020-13132

An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...

CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

UBUNTU-CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

CVE-2020-13131

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...

ALPINE-CVE-2020-12402

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...