5312 matches found

Debian
added 2018/07/07 1:56 p.m. | 37 views

[SECURITY] [DLA 1418-1] bouncycastle security update

Package: bouncycastle
Version: 1.49+dfsg-3+deb8u3
CVE ID: CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000345 CVE-2016-1000346

Several security vulnerabilities were found in Bouncy Castle, a Java implementation of cryptographic algorithms...

CVSS 7.5 | AI score 7.4 | EPSS 0.03174
Exploits 0
Fedora
added 2018/07/05 3:18 p.m. | 66 views

[SECURITY] Fedora 27 Update: gnupg-1.4.23-1.fc27

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVSS 7.5 | AI score 2.7 | EPSS 0.08654
Exploits 0
IBM Security Bulletins
added 2018/07/03 2:48 a.m. | 30 views

Security Bulletin: Multiple vulnerabilities in the IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products

Summary Multiple vulnerabilities in the IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak...

CVSS 10 | AI score 0.5 | EPSS 0.26335
Exploits 1 | Affected Software 1
Huawei
added 2018/07/03 12:0 a.m. | 25 views

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...

CVSS 5.9 | AI score 5.6 | EPSS 0.01087
Exploits 0 | Affected Software 15
NVD
added 2018/06/26 4:29 p.m. | 14 views

CVE-2018-1000531

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...

CVSS 7.5 | AI score 7.5 | EPSS 0.01618
Exploits 0 | References 1
Prion
added 2018/06/26 4:29 p.m. | 21 views

Design/Logic Flaw

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...

CVSS 5 | AI score 7.5 | EPSS 0.01618
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/06/26 4:0 p.m. | 13 views

CVE-2018-1000531

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...

AI score 7.5 | EPSS 0.01618
Exploits 0 | References 1
CVE
added 2018/06/26 4:0 p.m. | 57 views

CVE-2018-1000531

The vulnerability CVE-2018-1000531 affects inversoft prime-jwt prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba, where JWTDecoder.decode can mishandle signature verification (CWE-20). An attacker can craft a JWT with a valid header using the none algorithm and a body that passes validatio...

CVSS 7.5 | AI score 7.4 | EPSS 0.01618
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2018/06/25 12:0 a.m. | 15 views

Microsoft Windows: Configure use of hardware-based encryption for fixed data drives

This policy setting allows you to manage BitLocker Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.2
Exploits 0 | References 1
IBM Security Bulletins
added 2018/06/22 5:47 a.m. | 51 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

CVSS 5 | AI score 1.3 | EPSS 0.98685
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/22 5:47 a.m. | 36 views

Security Bulletin: Vulnerability in IBM Java SDK affect IBM SONAS (CVE-2015-2808)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SONAS. This issue was disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS...

CVSS 5 | AI score 0.9 | EPSS 0.74006
Exploits 0 | Affected Software 1
Fedora
added 2018/06/20 1:57 a.m. | 37 views

[SECURITY] Fedora 28 Update: gnupg-1.4.23-1.fc28

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVSS 7.5 | AI score 2.7 | EPSS 0.08654
Exploits 0
Imperva Blog
added 2018/06/19 10:41 p.m. | 497 views

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

In the previous blog posts in this series, we discussed the motivation for clustering attacks and the data used and how to calculate the distance between two attacks using different methods on each feature we extracted. In this final blog post, we’ll discuss the clustering algorithm itself – how ...

CVSS 10 | AI score 0.5 | EPSS 0.99999
Exploits 50
IBM Security Bulletins
added 2018/06/18 1:35 a.m. | 50 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL was used by IBM FSM SMIA configuration tool commonly known as Network Advisor. This bulletin addresses the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is...

CVSS 7.5 | AI score 1.4 | EPSS 0.57595
Exploits 6 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 1:29 a.m. | 16 views

Security Bulletin: Vulnerability in Libcrypt++ affects PowerKVM (CVE-2015-2141)

Summary PowerKVM is affected by a vulnerability in libcrypt++. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-2141 DESCRIPTION: libcrypt++ could allow a remote attacker to obtain sensitive information, caused by weak Rabin-Williams digital signature algorithm in...

CVSS 5 | AI score 0.5 | EPSS 0.02879
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 1:29 a.m. | 44 views

Security Bulletin: Vulnerability in Mozilla NSS affects PowerKVM (CVE-2015-2730)

Summary PowerKVM is affected by a vulnerability in Mozilla NSS CVE-2015-2730. This vulnerability is now fixed. Note that this primarily affects Mozilla Firefox, which does not ship with PowerKVM. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Firefox could allow a remote attacker...

CVSS 4.3 | AI score 0.8 | EPSS 0.03594
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Network Advisor (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Network Advisor. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 0.9 | EPSS 0.74006
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 27 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM FlashSystem V840 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem V840. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 0.8 | EPSS 0.74006
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 31 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Real-time Compression Appliance (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Real-time Compression Appliance. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

CVSS 5 | AI score 1.5 | EPSS 0.74006
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 37 views

Security Bulletin: OpenSSL security vulnerabilities in IBM Storwize V7000 Unified (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary A fix is available for IBM Storwize V7000 Unified, for the OpenSSL security vulnerabilities found in January 2015. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2014-3570 DESCRIPTIO...

CVSS 5 | AI score 1 | EPSS 0.98685
Exploits 0 | Affected Software 1