py-cryptography -- vulnerable HKDF key generation

Alex Gaynor reports: Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digestsize...

OpenSSL has an unspecified vulnerability (CNVD-2016-02810)

OpenSSL is an open source capable of implementing the Secure Sockets Layer SSL v2/v3 and Secure Transport Layer TLS v1 protocols developed by the OpenSSL team as a general-purpose cryptographic library that supports a wide range of cryptographic algorithms including symmetric ciphers, hash...

CVE-2000-1254

crypto/rsa/rsagen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms...

DEBIAN-CVE-2000-1254

crypto/rsa/rsagen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms...

CVE-2000-1254

crypto/rsa/rsagen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms...

CVE-2000-1254

OpenSSL CVE-2000-1254: A vulnerability in crypto/rsa/rsa_gen.c where C bitwise-shift operations that exceed the size of an expression are mishandled, enabling a remote attacker on 64-bit HP-UX to defeat cryptographic protections. Affected: OpenSSL versions before 0.9.6. Impact: potential plaintex...

CVE-2000-1254

crypto/rsa/rsagen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms...

[SECURITY] Fedora 23 Update: python-rsa-3.4.1-1.fc23

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

SUSE SLED11 / SLES11 Security Update : libssh2_org (SUSE-SU-2016:0723-1)

This update for libssh2org fixes the following issues : - Add SHA256 support for DH group exchange fate320343, bsc961964 - fix CVE-2016-0787 bsc967026 - Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Note...

SUSE-SU-2016:0723-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: - Add SHA256 support for DH group exchange fate320343, bsc961964 - fix CVE-2016-0787 bsc967026 Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys...

SUSE-SU-2016:0718-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: Security issue fixed: - CVE-2016-0787 bsc967026: Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. A feature was added: - Support of SHA256 digests for DH...

Fedora 22 : prosody-0.9.10-1.fc22 (2016-e2c5111eda)

Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...

SUSE-SU-2016:0625-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

SUSE-SU-2016:0622-1 Security update for libssh

This update for libssh fixes the following issues: CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

DLA-421-1 openssl - security update

Bulletin has no description...

prosody -- user impersonation vulnerability

The Prosody team reports: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756...

Samsung KNOX 1.0 Weak eCryptFS Key Generation

Subject: CVE-2016-1919 Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 Vulnerability Description ========================= The vulnerability allows disclosure of Data-at-Rest of Samsung KNOX 1.0 containers. KNOX container data is encrypted using eCryptFS containers. The...

Scientific Linux Security Update : ntp on 7.x x86_64 (2015:2231)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2231-4 advisory. - The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field...

ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server...

SUSE SLED12 / SLES12 Security Update : Recommended update for openssl (SUSE-SU-2015:1410-1)

This update of openssl fixes two regressions. - A regression was caused by the security fix for CVE-2015-0287, where DSA keys were not correctly loaded from file anymore. bsc937492 - RSA key generation odd keylengths was entering an endless loop bsc937212 Note that Tenable Network Security has...