Lucene search

2241 matches found

FreeBSD
added 2016/08/01 12:0 a.m., 105 views

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

The OpenSSH project reports: sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari ...

7.8 CVSS, 7.2 AI score, 0.88944 EPSS
Exploits 12, References 1
OSV
added 2016/06/08 10:46 a.m., 8 views

SUSE-SU-2016:1528-1 Security update for openssh

openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...

9.8 CVSS, 7.5 AI score, 0.37016 EPSS
Exploits 13, References 14
Mageia
added 2016/05/29 1:55 p.m., 29 views

Updated botan packages fix security vulnerabilities

Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack (CVE-2015-7827). ECDSA and DSA...

7.5 CVSS, 7.5 AI score, 0.02463 EPSS
Exploits 0, References 3
OSV
added 2016/05/29 1:55 p.m., 10 views

MGASA-2016-0208 Updated botan packages fix security vulnerabilities

Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack (CVE-2015-7827). ECDSA and DSA...

7.5 CVSS, 8.5 AI score, 0.02463 EPSS
Exploits 0, References 4
Fedora
added 2016/05/21 12:2 a.m., 48 views

[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

10 CVSS, 2.8 AI score, 0.89058 EPSS
Exploits 7
Fedora
added 2016/05/16 5:21 p.m., 65 views

[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

10 CVSS, 2.8 AI score, 0.89058 EPSS
Exploits 7
OSV
added 2016/05/13 2:59 p.m., 5 views

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

7.5 CVSS, 6.8 AI score
Exploits 0, References 4
NVD
added 2016/05/13 2:59 p.m., 16 views

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

7.5 CVSS, 7.5 AI score, 0.02118 EPSS
Exploits 0, References 4
UbuntuCve
added 2016/05/13 2:59 p.m., 23 views

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

7.5 CVSS, 7.1 AI score, 0.02118 EPSS
Exploits 0, References 1
Prion
added 2016/05/13 2:59 p.m., 15 views

Code injection

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

5 CVSS, 7.1 AI score, 0.02118 EPSS
Exploits 0, References 4, Affected Software 2
CVE
added 2016/05/13 2:0 p.m., 54 views

CVE-2016-2850

CVE-2016-2850 affects Botan 1.11.x prior to 1.11.29. The vulnerability arises from Botan not enforcing TLS policy for (1) signature algorithms and (2) ECC curves, enabling remote attackers to perform downgrade attacks via unspecified vectors. The issue may allow attackers to bypass TLS policy and...

7.5 CVSS, 7.3 AI score, 0.02118 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2016/05/13 2:0 p.m., 28 views

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

7.4 AI score, 0.02118 EPSS
Exploits 0, References 4
Debian CVE
added 2016/05/13 2:0 p.m., 18 views

CVE-2016-2850

Removed by vendor...

7.5 CVSS, 7.5 AI score, 0.02118 EPSS
Exploits 0
appercut
added 2016/05/13 12:0 a.m., 532 views

Alfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Alfresco Community Edition' software: User data leakage between sessions; Use of XSL transformation to execute arbitrary code; Use of the finalize method; Missing verification of the digital signature of executable...

0.6 AI score
Exploits 0, References 1, Affected Software 1
Fedora
added 2016/05/10 5:58 p.m., 77 views

[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

10 CVSS, 1.7 AI score, 0.89058 EPSS
Exploits 7
Fedora
added 2016/05/07 12:21 p.m., 38 views

[SECURITY] Fedora 24 Update: botan-1.10.13-1.fc24

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

7.5 CVSS, 1.8 AI score, 0.02463 EPSS
Exploits 0
Fedora
added 2016/05/07 12:15 p.m., 40 views

[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

10 CVSS, 1.7 AI score, 0.89058 EPSS
Exploits 7
The Hacker News
added 2016/05/05 7:35 a.m., 18 views

U.S. developing Technology to Identify and Track Hackers Worldwide

Without adequate analysis and algorithms, mass surveillance is not the answer to fighting terrorism and tracking suspects. That's what President Obama had learned last year when he signed the USA Freedom Act, which ends the bulk collection of domestic phone data by US Intelligence Agencies. There...

6.6 AI score
Exploits 0
Fedora
added 2016/05/04 6:54 p.m., 50 views

[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

10 CVSS, 1.7 AI score, 0.89058 EPSS
Exploits 7
n0where
added 2016/04/22 10:53 a.m., 28 views

Analyzing TLS Libraries: TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow...

1.4 AI score
Exploits 0, References 2