
2874 matches found

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 32 views

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Application Server (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" for SSL/TLS may affect some configurations of WebSphere Application Server. NOTE: If you are configured for FIPS140-2, Suite B or SP800-131 in your SecuritySSL certificate and key management then you are not affected by this vulnerability or your SSL communication fo...

CVSS 5, AI score 0.6, EPSS 0.74006
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m., 24 views

Security Bulletin: Vulnerability in IBM Java runtime affects IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability may affect some configurations of WebSphere Application Server used by WebSphere Service Registry and Repository. Vulnerability Details CVEID : CVE-2015-0138 DESCRIPTION : A vulnerability in various I...

CVSS 4.3, AI score 6.6, EPSS 0.03262
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m., 14 views

Security Bulletin: Vulnerability in IBM Java runtime affects WebSphere Service Registry and Repository (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability may affect some configurations of WebSphere Application Server used by WebSphere Service Registry and Repository. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM...

CVSS 4.3, AI score 1.5, EPSS 0.03262
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m., 12 views

Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ Internet Pass-Thru V2.0 (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects some versions of IBM WebSphere MQ Internet Pass-Thru SupportPac MS81. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: IBM WebSphere MQ Internet...

CVSS 4.3, AI score 1, EPSS 0.1372
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m., 14 views

Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM WebSphere MQ. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by th...

CVSS 4.3, AI score 1.6, EPSS 0.1372
Exploits 0, Affected Software 1
Tenable Nessus
added 2018/06/15 12:0 a.m., 32 views

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-1)

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

CVSS 8.3, AI score 5.7, EPSS 0.15141
Exploits 0, References 32
OPENSUSE Linux
added 2018/06/14 12:7 p.m., 97 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

CVSS 4.3, AI score 1.1, EPSS 0.24282
Exploits 0, References 11
Citrix
added 2018/06/04 12:0 a.m., 7 views

Receiver for Windows Crypto Kit Updates

Overview of the Crypto Kit updates in Citrix Receiver 4.12 and above Receiver for Windows 4.12 and later provide support to DTLS v1.2 for connections to the VDA. The latest Crypto Kit has deprecated all TLSRSA cipher suites. But, to support backward compatibility with older versions of VDA before...

AI score 6.8
Exploits 0
UbuntuCve
added 2018/05/23 1:29 p.m., 22 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

CVSS 4.3, AI score 6.3, EPSS 0.01098
Exploits 0, References 2
NVD
added 2018/05/23 1:29 p.m., 20 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

CVSS 4.3, AI score 4.5, EPSS 0.01098
Exploits 0, References 4
Prion
added 2018/05/23 1:29 p.m., 19 views

Design/Logic Flaw

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

CVSS 4, AI score 4.8, EPSS 0.01098
Exploits 0, References 4, Affected Software 1
Cvelist
added 2018/05/23 1:0 p.m., 24 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

CVSS 4.3, AI score 4.7, EPSS 0.01098
Exploits 0, References 4
CVE
added 2018/05/23 1:0 p.m., 95 views

CVE-2017-2598

CVE-2017-2598 : Jenkins prior to 2.44 and 2.32.2 uses AES ECB without an IV to encrypt secrets, enabling potential exposure of stored secrets. The description explicitly ties this to Jenkins and the handling of secrets; no exploitation details are provided in the supplied documents. The available...

CVSS 4.3, AI score 4.5, EPSS 0.01098
Exploits 0, References 4, Affected Software 1
OPENSUSE Linux
added 2018/05/18 6:7 p.m., 117 views

Security update for curl (moderate)

This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client bsc1092098 Non security issues fixed: - If the DEFAULTSUSE cipher list is not available use the HIGH cipher alias before failing. bsc1086825...

AI score 0.8, EPSS 0.06003
Exploits 0, References 2
Tenable Nessus
added 2018/05/18 12:0 a.m., 31 views

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:1327-1)

This update for curl fixes several issues: Security issues fixed : - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client bsc1092098 Non security issues fixed : - If the DEFAULTSUSE cipher list is not available use the HIGH cipher alias before failing. bsc108682...

CVSS 9.1, AI score 7.5, EPSS 0.06003
Exploits 0, References 5
OSV
added 2018/05/17 6:42 a.m., 8 views

SUSE-SU-2018:1327-1 Security update for curl

This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client bsc1092098 Non security issues fixed: - If the DEFAULTSUSE cipher list is not available use the HIGH cipher alias before failing. bsc1086825...

CVSS 9.1, AI score 8.9, EPSS 0.06003
Exploits 0, References 4
Tenable Nessus
added 2018/05/17 12:0 a.m., 47 views

SUSE SLES11 Security Update : curl (SUSE-SU-2018:1323-1)

This update for curl fixes the following issues: curl was updated to version 7.37.0 fate325339 bsc1084137 This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third-party software like '...

CVSS 9.8, AI score 7.6, EPSS 0.12058
Exploits 0, References 17
Prion
added 2018/05/16 7:29 p.m., 27 views

Design/Logic Flaw

DISPUTED The OpenPGP specification allows a Cipher Feedback Mode CFB malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code MDC feature or accept an...

CVSS 4.3, AI score 6.1, EPSS 0.05572
Exploits 2, References 10, Affected Software 1
OSV
added 2018/05/16 7:29 p.m., 15 views

CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining CBC malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...

CVSS 5.9, AI score 6.5, EPSS 0.04219
Exploits 2, References 6
OSV
added 2018/05/16 7:29 p.m., 1 views

UBUNTU-CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining CBC malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...

CVSS 5.9, AI score 6.6, EPSS 0.04219
Exploits 2, References 6