522 matches found
Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection XXE flaw exists in the Apache ActiveMQ component due to a faulty...
CentOS 6 / 7 : nss / nss-util (CESA-2015:1185) (Logjam)
Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
UBUNTU-CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...
SSL/TLS is the latest vulnerability ordination ceremony parsing-vulnerability warning-the black bar safety net
2 0 1 5 year 3 month, there are about 3 0% of the network communication is controlled by the RC4 to be protected. By“ordination ceremony”attack, the attacker may be in a particular environment just by sniffing the visit listen you can restore using RC4 to protect the encrypted information in plai...
openssl-fips security update
1.0.1m-2.0.1 - update to upstream 1.0.1m - update to fips canister 2.0.9 - regenerated below patches openssl-1.0.1-beta2-rpmbuild.patch openssl-1.0.1m-rhcompat.patch openssl-1.0.1m-ecc-suiteb.patch openssl-1.0.1m-fips-mode.patch openssl-1.0.1m-version.patch openssl-1.0.1m-evp-devel.patch...
FREAK Attack: How to Protect Yourself
The recently disclosed FREAK Factoring attack on RSA Export Keys attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices. FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to us...
APPLE-SA-2015-03-09-2 AppleTV 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-2 AppleTV 7.1 AppleTV 7.1 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description:...
Dealing with FREAK and SuperFish
Security Dealing with FREAK and SuperFish Share March 10th, 2015 The FREAK TLS attack Following the trend of memorable names for TLS attacks, FREAK was recently announced. This exploits a bug in some TLS libraries, combined with the support of ancient weak ciphers, to enable a MitM to force...
“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net
Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...
Researchers Say POODLE Attack Affects Some TLS Implementations
The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looki...
Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update
Updated python-keystoneclient packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...
[ MDVSA-2014:170 ] jakarta-commons-httpclient
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...
F5 Networks BIG-IP : TLS vulnerability (SOL15564)
The ssl23getclienthello function in s23srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a 'protocol...
SOL15564 - TLS vulnerability CVE-2014-3511
1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded...
MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 35.0.1916.155 Platform version: 5712.88.0 / 5712.89.0 for all Chrome OS devices. This build contains a flash update 14.0.0.125, number of bug fixes, and security updates. Here is the Chromium change log. Systems will be receiving updates over the next severa...
openssl: SSL/TLS MITM vulnerability
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...
OpenSSL Fixes TLS Vulnerability
The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of memory to any client or server that was connected. The details of the vulnerability, fixed in versi...
APPLE-SA-2014-02-21-3 Apple TV 6.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-21-3 Apple TV 6.0.2 Apple TV 6.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may capture or modify data in sessions...
Updated telepathy-gabble package fixes security vulnerability
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack...