Government Agencies Audit For Juniper Backdoor
Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...
Debian: Security Advisory (DSA-3456-1)
The remote host is missing an update for the Debian...
CVE-2016-1618
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
FreeBSD : chromium -- multiple vulnerabilities (371bbea9-3836-4832-9e70-e8e928727f8c)
Google Chrome Releases reports: This update includes 37 security fixes, including: - 497632 High CVE-2016-1612: Bad cast in V8. - 572871 High CVE-2016-1613: Use-after-free in PDFium. - 544691 Medium CVE-2016-1614: Information leak in Blink. - 468179 Medium CVE-2016-1615: Origin confusion in...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 48 to the stable channel for Windows, Mac and Linux. Chrome 48.0.2564.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: This update includes 37 security fixes, including: 497632 High CVE-2016-1612: Bad cast in V8. 572871 High CVE-2016-1613: Use-after-free in PDFium. 544691 Medium CVE-2016-1614: Information leak in Blink. 468179 Medium CVE-2016-1615: Origin confusion in Omnibox. 5414...
Juniper Removes Dual_EC, ANSI X9.31 Algorithms
Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision ...
[SECURITY] [DSA 3439-1] prosody security update
Debian Security Advisory DSA-3439-1 https://www.debian.org/security/ Salvatore Bonaccorso January 10, 2016 https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3439-1)
The remote host is missing an update for the Debian...
Juniper ScreenOS Backdoor Password
Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said...
CVE-2015-6418
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224...
Cisco Small Business RV Router Information Disclosure Vulnerability
The Cisco Small Business RV Series routers provide remote virtual private network technology. The random number generator in Cisco Small Business RV Routers 4.x and SA500 Security Appliance version 2.2.07 does not have sufficient entropy, which can allow a remote attacker to determine the TLS key pair throu...
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers. The Dual_EC random number generator was at the center of a controversy in the security community two years ago after revelations that the National Securit...
PRNG weakness allows for DNS poisoning on Android — Mozilla
Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in th...
SecureRandom vulnerability details (CVE-2013-7372) - vulnerability warning - the black bar safety net
0x00 Vulnerability overview: In versions of Android before 4.4, the Java Cryptography Architecture (JCA) uses the SecureRandom implementation from Apache Harmony 6.0M3 and earlier, which has a security vulnerability, specifically located in the...
Network Time Protocol (NTP) vulnerability in AIX, Network Time Protocol (NTP) vulnerability in VIOS
IBM SECURITY ADVISORY First Issued: Tue Feb 10 12:06:45 CST 2015 |Updated: Thu Feb 12 10:54:48 CST 2015 |Corrected wrong CVE number |Corrected SP for 7100-02-07 |Updated Fri Feb 13 08:22:03 CST 2015 |Corrected typo in II. CVSS section |Updated Thu Feb 19 12:35:51 CST 2015 |Corrected upper fileset...
Mandriva Linux Security Advisory : ntp (MDVSA-2015:003)
Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys...