SUSE-SU-2020:3460-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. - Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 New features + JDK-8245468: Add...

SUSE-SU-2020:3359-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

SUSE-SU-2020:3310-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 October 2020 CPU, bsc1177943 Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts +...

SUSE-SU-2020:3159-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

squid: DoS in TLS handshake

A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability...

Fedora 32 : 1:java-11-openjdk (2020-fdc79d8e5b)

New in release OpenJDK 11.0.9 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk1109 - https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt Security fixes - JDK-8233624: Enhance JNI linkage -...

Fedora 31 : 1:java-11-openjdk (2020-421f817e5f)

New in release OpenJDK 11.0.9 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk1109 - https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt Security fixes - JDK-8233624: Enhance JNI linkage -...

Fedora 32 : 1:java-1.8.0-openjdk (2020-a405eea76a)

New in release OpenJDK 8u272 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk8u272 - https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt New features - JDK-8245468: Add TLSv1.3...

Fedora 33 : 1:java-11-openjdk (2020-845860fd4f)

New in release OpenJDK 11.0.9 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk1109 - https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt Security fixes - JDK-8233624: Enhance JNI linkage -...

The vulnerability of the web interface of the Cisco SPA112 IP phone allows attackers to perform cross-site scripting attacks.

The vulnerability of the web interface for processing Cisco SPA112 IP-telephone certificates exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

The vulnerability of the certificate processing component in Cisco SPA112, SPA525, and SPA5X5 Series IP phones allows a perpetrator to gain access to protected information.

The vulnerability of the certificate processing component in Microprogramming Software for Cisco SPA112, SPA525, and SPA5X5 Series devices is related to errors during certificate verification on the server side. Exploiting this vulnerability can allow an attacker to gain access to protected...

OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...

CVE-2017-4981

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability...

Design/Logic Flaw

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability...

CVE-2017-4981

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability...

CVE-2017-4981

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability...

Amazon Linux AMI : gnutls (ALAS-2017-815)

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. CVE-2016-8610...

The vulnerability of Thunderbird software, which allows a malicious attacker to compromise the accessibility of protected information

The vulnerability in Mozilla Firefox and Thunderbird allows malicious actors, operating remotely, to trigger a service failure certificate processing failure using a specially crafted certificate. In this case, the UTF-8 character encoding is not utilized in the relevant context...

The vulnerability of Thunderbird software, which allows a malicious attacker to compromise the accessibility of protected information

The vulnerability in Mozilla Firefox and Thunderbird allows malicious actors, operating remotely, to trigger a service failure certificate processing failure using a specially crafted certificate. In this case, the ASCII character encoding is not utilized in the relevant context...

The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in the NSS Network Security Services library of Mozilla for Mozilla Firefox, due to incorrect processing of ASN.1 values in X.509 certificates. Exploiting this vulnerability allows malicious actors to replace RSA signatures with specially crafted certificates. This...