SUSE-SU-2018:1887-2 Security update for openssl

This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a ke...

GHSA-XQJ7-J8J5-F2XR Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

McAfee Threat Intelligence Exchange Server SSH HOST Secret Key Generation Vulnerability

McAfee Threat Intelligence Exchange Server is a threat intelligence exchange service program. A SSH HOST secret key generation vulnerability exists in the McAfee Threat Intelligence Exchange Server server, which allows remote attackers to exploit the vulnerability to submit a special request for ...

SUSE-SU-2018:2965-1 Security update for openssl-1_0_0

This update for openssl-100 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has bee...

SUSE-SU-2018:2928-1 Security update for openssl

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has been shown to be...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2018-1306)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client...

openSUSE Security Update : compat-openssl098 (openSUSE-2018-997)

This update for compat-openssl098 fixes the following security issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...

openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2018:2695-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for compat-openssl098 (moderate)

This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...

SUSE-SU-2018:2683-1 Security update for compat-openssl098

This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...

bouncycastle: flaw in the low-level interface to RSA key pair generator

A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...

Security update for libressl (moderate)

This update for libressl to version 2.8.0 fixes the following issues: Security issues fixed: - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. - CVE-2018-8970: Fixed a bug in...

MGASA-2018-0365 Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

SUSE-SU-2018:2492-1 Security update for openssl

This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

SUSE SLES11 Security Update : openssl (SUSE-SU-2018:2486-1)

This update for openssl fixes the following security issue : - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

SUSE-SU-2018:2486-1 Security update for openssl

This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

[SECURITY] Fedora 27 Update: yubico-piv-tool-1.6.0-1.fc27

The Yubico PIV tool is used for interacting with the Privilege and Identification Card PIV applet on a YubiKey NEO. With it you may generate keys on the device, importing keys and certificate s, and create certificate requests, and other operations. A shared library and a command-line tool is...

bouncycastle: flaw in the low-level interface to RSA key pair generator

A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...

bouncycastle: flaw in the low-level interface to RSA key pair generator

A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...

bouncycastle: flaw in the low-level interface to RSA key pair generator

A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...