465 matches found
USN-3850-2: NSS vulnerabilities
USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack...
openSUSE Security Update : mozilla-nss (openSUSE-2019-183)
This update for mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack bsc1119069. Non-security issue fixed : - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project...
Security update for mozilla-nss (important)
openSUSE Security Update: Security update for mozilla-nss Announcement ID: openSUSE-SU-2019:0183-1 Rating: important References: 1119069 Cross-References: CVE-2018-12404 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
Improper Encryption Implementation
erlang has an improper encryption implementation. The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : NSS vulnerabilities (USN-3850-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3850-1 advisory. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perfo...
Ubuntu: Security Advisory (USN-3850-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3850-1 nss vulnerabilities
Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...
USN-3850-1: NSS vulnerabilities
Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...
CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...
DEBIAN-CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...
UBUNTU-CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...
CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...
CVE-2018-16870
Vulnerable component: wolfSSL before 3.15.7. Root cause: variant of Bleichenbacher attack enabling TLS downgrade and potential leakage of sensitive data. Impact: data exposure risk via downgraded TLS. Remediation: upgrade to wolfSSL 3.15.7 or newer (apply vendor patch). Note: exploitation details...
openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)
This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 bsc1119105 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack bsc1119069 - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...
Updated nss packages fix security vulnerability
Cache side-channel variant of the Bleichenbacher attack.CVE-2018-12404...
MGASA-2018-0482 Updated nss packages fix security vulnerability
Cache side-channel variant of the Bleichenbacher attack.CVE-2018-12404...
Security update for mozilla-nss (moderate)
This update for mozilla-nss to version 3.36.6 fixes the following issues: Security issues fixed: - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random bmo1483128, boo1106873 - CVE-2018-12404: Cache side-channel variant of the...
UBUNTU-CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...
[slackware-security] nettle
New nettle packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: This update fixes a security issue: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversio...
[slackware-security] mozilla-nss
New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-nss-3.40.1-i586-1slack14.2.txz: Upgraded. Upgraded to nss-3.40.1 and nspr-4.20. Mitigate cache side-channel...