Moderate: Red Hat Security Advisory: libndp security update

An update for libndp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CentOS 6 : kernel (CESA-2016:0855)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Internet Bug Bounty: Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

I'm retroactively submitting CVE-2016-0704, a.k.a. "Leaky Export", which is a Bleichenbacher-style bug that leads to another variant of the Special DROWN attack. I'm submitting on behalf of myself and J. Alex Halderman, as we independently found this bug. This was validated by OpenSSL as...

RHEL 6 : icedtea-web (RHSA-2016:0778)

An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

RHEL 6 : kernel (RHSA-2016:0855)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.7 update (Moderate) (RHSA-2016:0597)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0597 advisory. - tomcat: non-persistent DoS attack by feeding data by aborting an upload CVE-2014-0230 - EAP: HTTPS NIO connector uses no timeout when...

RHEL 6 : kernel (RHSA-2016:0715)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CentOS 6 : kernel (CESA-2016:0715)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 5 : nss and nspr (RHSA-2016:0684)

An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)

An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CentOS 6 : nspr / nss / nss-util (CESA-2016:0591)

An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.7 update (Moderate) (RHSA-2016:0596)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0596 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.7 update

An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

RHEL 7 : krb5 (RHSA-2016:0532)

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CentOS 6 : kernel (CESA-2016:0494)

Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

RHEL 6 : openssh (RHSA-2016:0466)

Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

RHEL 6 / 7 : Satellite 6.1.7 (RHSA-2016:0174)

Updated Satellite 6.1 packages that fix one security issue, add one enhancement, and fix several bugs are available for Satellite 6.1.7. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

RHEL 5 : bind97 (RHSA-2016:0074)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0074 advisory. - bind: specific APL data could trigger an INSIST in apl42.c CVE-2015-8704 Note that Nessus has not tested for this issue but has instead relied only...

Oracle Linux 6 : samba4 (ELSA-2016-0010)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0010 advisory. - resolves: 1290708 - CVE-2015-7540 - related: 1290708 - CVE-2015-5299 - related: 1290708 - CVE-2015-5296 - related: 1290708 - CVE-2015-5252 Tenable ha...

Small subgroup attack in Mozilla NSS

tl;dr While the TLS servers attacks has been pretty much studied and fixed see e.g. https://www.secure-resumption.com/ and https://weakdh.org/ the situation with the TLS clients is was not ideal and can be improved. Here I report a Small subgroup attack for TLS clients that I performed against...