Static Analysis Tool: Bindead

The tool is based on the dynamic instrumentation framework PIN from Intel. Currently PIN is only working with the x86 architecture. Additionally, bintrace currently is limited to the Linux platform but will be ported to Windows when there is the need to. Actually, building for Windows might work...

DLA-175-1 gnupg - security update

Bulletin has no description...

Debian DSA-3184-1 : gnupg - security update

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard : - CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

Debian DSA-3185-1 : libgcrypt11 - security update

Multiple vulnerabilities were discovered in libgcrypt : - CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

DSA-3185-1 libgcrypt11 - security update

Bulletin has no description...

DSA-3184-1 gnupg - security update

Bulletin has no description...

Debian Security Advisory DSA 3184-1 (gnupg - security update)

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

Debian Security Advisory DSA 3185-1 (libgcrypt11 - security update)

Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

Debian: Security Advisory (DSA-3185-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gnupg and libgcrypt packages fix security vulnerabilities

GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak CVE-2014-3591. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak...

UBUNTU-CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

theZoo aka Malware DB

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis we have decided to gather all of them for you in an available and safe...

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

[SECURITY] Fedora 21 Update: grub2-2.02-0.13.fc21

The GRand Unified Bootloader GRUB is a highly configurable and customizab le bootloader with modular architecture. It support rich varietyof kernel for mats, file systems, computer architectures and hardware devices. This subpackage provides support for PC BIOS systems...

MGASA-2014-0474 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

[SECURITY] Fedora 20 Update: pidgin-2.10.10-1.fc20

Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just...

[SECURITY] Fedora 21 Update: pidgin-2.10.10-2.fc21

Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just...

Zarp - Local Network Attack Framework

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once,...