Updated python-pycrypto packages fix CVE-2013-1445
Updated python-pycrypto package fixes security vulnerability: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator (PRNG) exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the...
Design/Logic Flaw
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
CVE-2013-5173
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers...
CVE-2013-5180
The CVE-2013-5180 entry concerns the srandomdev function in Libc on Apple Mac OS X prior to 10.9. When the kernel random-number generator is unavailable, srandomdev produces predictable values instead of true randomness, which can help context-dependent attackers defeat cryptographic protections....
CVE-2013-5173
CVE-2013-5173: The kernel random-number generator in Apple Mac OS X before 10.9 allows local users to cause a denial of service (partial availability) by issuing requests for many random numbers. Affected: Mac OS X prior to 10.9. No remediation details are provided in the supplied documents.
CVE-2013-5180
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all...
Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all...
Fedora 20 : python-pyrad-2.0-3.fc20 (2013-15838)
Better random number generator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Experts Worry About Long-Term Implications of NSA Revelations
With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA’s collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what...
Fedora 18 : python-pyrad-2.0-3.fc18 (2013-15877)
Better random number generator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 19 : python-pyrad-2.0-3.fc19 (2013-15891)
Better random number generator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Warning: Android Bitcoin wallet apps vulnerable to theft
A critical vulnerability in the Android implementation of the Java SecureRandom random number generator was discovered, that leaves Bitcoin digital wallets on the mobile platform vulnerable to theft. Before the announcement was made, users on the forums had noticed over 55 BTC were stolen a few...
Bitcoin Wallets on Android Vulnerable to Theft
Bitcoin wallets on the Android platform are vulnerable to theft after a vulnerability was discovered that could allow an attacker to guess a private key used to secure transactions involving the virtual currency. A post to a Bitcoin forum over the weekend pointed to a report of one address having...
Oracle Linux 5 : php (ELSA-2010-0919)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0919 advisory. - add security fix for CVE-2010-3870 626735 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...
DEBIAN-CVE-2012-3378
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...
CVE-2012-3378
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. CVE-2007-3848, Important - A flaw...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
These new kernel packages contain fixes for the following security issues : - A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. CVE-2007-4574, Important - A fl...