[SECURITY] [DSA 2313-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2313-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 29, 2011 http://www.debian.org/security/faq -...

Dutch Government Sets Sept. 28 Kill Date for DigiNotar Certs

Adobe said on Friday that its products would soon reject certificates issued by the disgraced Dutch certificate authority DigiNotar following the Dutch government’s decision, Friday, to revoke DigiNotar PKIoverheid CA certificates used by government agencies on September 28. The news sets an...

DEBIAN-CVE-2011-3207

crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past...

Debian DSA-2309-1 : openssl - compromised certificate authority

Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be...

Mozilla Asks Firefox CAs to Audit Security Systems in Wake of DigiNotar Hack

Already having revoked trust in the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that...

DigiNotar Hacker Says He Has GlobalSign Database Backups, Other Data

As GlobalSign continues the investigation into the claimed compromise of its CA infrastructure, the attacker who says he breached DigiNotar and Comodo said in another message on Pastebin Wednesday that not only did he hack GlobalSign, but he has the private key used to sign the certificate for th...

Microsoft Revokes Trust in Five DigiNotar Root Certs, Mozilla Drops Trust For Staat der Nederland Certs

The fallout from the DigiNotar compromise continued on Tuesday, as Microsoft said it has now revoked its trust of all five of the certificate authority’s root certificates. The update that makes this change is being pushed out to users on all supported versions of Windows. Mozilla also released n...

FreeBSD : nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl (aa5bc971-d635-11e0-b3cf-080027ef73ec)

Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle MITM attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...

OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities

Binary data 801065.prm...

DigiNotar Says Its CA Infrastructure Was Compromised

VASCO, the parent company of DigiNotar, says that the fraudulent certificate for Google’s domains that the certificate authority issued was just one of many such bogus certificates it handed out in recent months, and blamed the growing scandal on an attack on its CA infrastructure. In a statement...

Attackers Obtain Valid Cert for Google Domains, Mozilla Moves to Revoke It

UPDATE: A certificate authority in the Netherlands issued a valid SSL wildcard certificate for Google to a third party in July, leading to concerns that attackers may have been using the certificate to route sensitive traffic through their own servers, capturing it and compromising user data in t...

nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl

Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle MITM attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...

THE CRAZIES Hackers Leaks Server Certificates of Defense Information Systems Agency (DISA)

THE CRAZIES Hackers Leaks Server Certificates of Defense Information Systems Agency DISA THE CRAZIES Hackers steal the Several Certificate revocation lists CRLs from Server of Defense Information Systems Agency DISA - and leak the Certificates at : Reason of Hacking is Freedom of Libyan nation,...

THE CRAZIES Hackers Leaks Server Certificates of Defense Information Systems Agency (DISA)

THE CRAZIES Hackers Leaks Server Certificates of Defense Information Systems Agency DISA THE CRAZIES Hackers steal the Several Certificate revocation lists CRLs from Server of Defense Information Systems Agency DISA - https://disa.mil/ and leak the Certificates at :...

Design/Logic Flaw

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service application crash via vectors involving a Certificate Revocation List CRL file, as demonstrated by the multicert-ca-02.crl file...

PT-2011-2179 · Apple · Macos X

Name of the Vulnerable Software and Affected Versions: Mac OS X versions prior to 10.6.8 Description: The issue concerns the Certificate Trust Policy component, which fails to perform CRL checking for Extended Validation EV certificates lacking OCSP URLs. This might allow man-in-the-middle...

Opera < 11.11 Multiple Vulnerabilities

Binary data 5925.prm...

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757...

CVE-2010-4764

Open Ticket Request System OTRS before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...

IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability

The host is running IBM DB2 and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2dbadmsecbypassvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2011 Greenbone...