SHA-1 Hash Collision Could Be Within Reach of Attackers By 2018

It’s been just a few days since NIST approved Keccak as the winner of the SHA-3 competition, and it likely will be some time before we begin seeing the new hash algorithm popping up in common products and services. However, some in the cryptography community say it may not be a bad idea to start...

Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

USN-1596-1: Python 2.6 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

SHA-3 Winner Chosen, But It May Be Years Before Keccak Has an Effect

Now that NIST has selected Keccak as the winner of the five-year-long SHA-3 competition, the next question to be answered is whether the new hash algorithm will be implemented in any meaningful way in the near future. The answer, for right now at least, appears to be probably not. The SHA-3...

Ubuntu Update for python2.7 USN-1592-1

Ubuntu Update for Linux kernel vulnerabilities USN-1592-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15921.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python2.7 USN-1592-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Th...

Ubuntu: Security Advisory (USN-1592-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1592-1: Python 2.7 vulnerabilities

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. CVE-2011-1521 It was...

New Iteration of TDSS/TDL-4 Botnet Uses Domain Fluxing to Avoid Detection

A new version of the TDSS/TDL-4 botnet is rapidly growing, primarily because it’s having great success using an evasion technique known as a domain generation algorithm DGA to avoid detection, researchers at Damballa Security revealed today. The algorithm helps the latest version of the botnet...

Fedora Update for pyfribidi FEDORA-2012-3513

Check for the Version of pyfribidi OpenVAS Vulnerability Test Fedora Update for pyfribidi FEDORA-2012-3513 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

Moderate: Red Hat Security Advisory: gimp security update

Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Scientific Linux Security Update : postgresql and postgresql84 on SL6.x i386/x86_64 (20120625)

PostgreSQL is an advanced object-relational database management system DBMS. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...

Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120625)

PostgreSQL is an advanced object-relational database management system DBMS. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...

Scientific Linux Security Update : libtiff on SL3.x, SL4.x, SL5.x i386/x86_64

Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. CVE-2008-232...

Scientific Linux Security Update : openssl on SL6.x i386/x86_64

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a full-strength, general purpose cryptography library. A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions i...

Scientific Linux Security Update : openssl on SL5.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests DoS It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the...

CVE-2012-3018

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...

Design/Logic Flaw

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...

CVE-2012-3018

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain...