OpenJDK: DSA implementation timing attack (Libraries, 8168728)

A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...

DEBIAN-CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

UBUNTU-CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

Explained — What's Up With the WhatsApp 'Backdoor' Story?

What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not...

CVE-2015-1860 analysis: Qt module for processing GIFs cause a crash-bug warning-the black bar safety net

Vulnerability background Qt is a cross-platform graphical interface programming Framework, and its version is less than 4. 8. 7 and 5. x is less than 5. 4. 2 analytical picture of the process for cross-border inspections of improper handling, will result in the memcpy of the process occurs out of...

CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives...

java security update

CentOS Errata and Security Advisory CESA-2017:0061 An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Design flaws in the Android version of the Far Eastern Express app client

Yuancheng Express app is a life service application, a mobile logistics platform. There is a design vulnerability in the Far Cheng Express app client for Android. Due to the digest digest algorithm can be cracked, allowing an attacker to exploit the vulnerability to reset the password of any user...

CVE-2016-1549

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock...

CVE-2016-1549

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock...

CVE-2016-1549

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock...

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3getkeyexchange function in file s3clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the...

[SECURITY] Fedora 25 Update: libpng-1.6.27-1.fc25

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

New Decryptor Unlocks CryptXXX v3 Files

Researchers have neutralized the threat of the latest strain of the CryptXXX v.3 ransomware, releasing a decryption tool for unlocking files, and have added it to the RannohDecryptor, a free utility hosted by Kaspersky Lab’s No Ransom Project. Previous decryption tools had been available for...

OpenSSL: Double-free in DSA code

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

openssl: Non-constant time codepath followed for certain operations in DSA implementation

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

Code injection

An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

CVE-2016-9847

An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g., MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks CVE-2004-2761, for example. An attacker can...