Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol CVE-2020-11501...

Insecure Randomness

php is vulnerable to insecure randomness. The vulnerability as it was discovered that the PHP lcgvalue function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to genera...

Ubuntu 19.10 : gnutls28 vulnerability (USN-4322-1)

It was discovered that GnuTLS incorrectly handled randomness when performing DTLS negotiation. A remote attacker could possibly use this issue to obtain sensitive information, contrary to expectations. Note that Tenable Network Security has extracted the preceding description block directly from...

USN-4322-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled randomness when performing DTLS negotiation. A remote attacker could possibly use this issue to obtain sensitive information, contrary to expectations...

DEBIAN-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

UBUNTU-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

GnuTLS: DTLS protocol regression

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...

FreeBSD : GnuTLS -- flaw in DTLS protocol implementation (d887b3d9-7366-11ea-b81a-001cc0382b2f)

The GnuTLS project reports : It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol. C Tenable Network Security, Inc. The...

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

UBUNTU-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

UBUNTU-CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

DEBIAN-CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

PYSEC-2020-211

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVE-2018-19441

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secretkey values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...

CVE-2018-19441

The CVE-2018-19441 issue affects Neato Botvac Connected 2.2.0. The GenerateRobotPassword function in the NeatoCrypto library uses insufficiently random numbers for robot secret_key values used in local and cloud authentication/authorization. Entropy depends solely on the robot’s serial number (pr...

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2018-1174)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...