Lucene search

2872 matches found

Prion
added 2017/03/03 4:59 p.m. | 16 views

Information disclosure

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...

CVSS 4.3 | AI score 6.5 | EPSS 0.13906
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/03/03 4:0 p.m. | 46 views

CVE-2016-6882

CVE-2016-6882 concerns MatrixSSL prior to 3.8.7. When DHE_RSA cipher suites are enabled, remote attackers may exploit a Lenstra side-channel to glean RSA private key information. The vulnerability is limited to affected builds of MatrixSSL and is primarily an information-leak risk to private RSA ...

CVSS 5.9 | AI score 6.3 | EPSS 0.01302
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2017/03/03 4:0 p.m. | 62 views

CVE-2016-6884

CVE-2016-6884 affects MatrixSSL before 3.8.3. TLS cipher suites using CBC mode in TLS 1.1/1.2 can be exploited by remote attackers to cause a denial of service via an out-of-bounds read in a crafted message. Impact is a partial availability loss without confidentiality or integrity compromise. Af...

CVSS 6.5 | AI score 6.7 | EPSS 0.01329
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/03/03 4:0 p.m. | 30 views

CVE-2016-6883

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...

AI score 6.2 | EPSS 0.13906
Exploits: 0 | References: 3

RedHat Linux
added 2017/02/28 8:19 a.m. | 18 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

CVSS 7.5 | AI score 6.8 | EPSS 0.95707
Exploits: 7 | References: 7

Tenable Nessus
added 2017/02/24 12:0 a.m. | 45 views

Fedora 25 : 1:xrdp (2017-8fffbae8af)

WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already...

CVSS 9.8 | AI score 6.9 | EPSS 0.01326
Exploits: 0 | References: 2

Tenable Nessus
added 2017/02/21 12:0 a.m. | 60 views

openSUSE Security Update : openssl (openSUSE-2017-255)

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...

CVSS 10 | AI score 7.4 | EPSS 0.77906
Exploits: 3 | References: 12

Tenable Nessus
added 2017/02/21 12:0 a.m. | 106 views

Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0286 advisory. - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher Tenable has extracted the preceding description block directly from the Oracle...

CVSS 7.5 | AI score 7.2 | EPSS 0.57595
Exploits: 2 | References: 3

Tenable Nessus
added 2017/02/21 12:0 a.m. | 40 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)

Security Fixes : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 - A denial of service flaw was found in th...

CVSS 7.5 | AI score 6.9 | EPSS 0.57595
Exploits: 2 | References: 3

NVD
added 2017/02/20 8:59 a.m. | 17 views

CVE-2016-4693

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of t...

CVSS 7.5 | AI score 6.3 | EPSS 0.0112
Exploits: 0 | References: 5

Prion
added 2017/02/20 8:59 a.m. | 10 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of t...

CVSS 5 | AI score 5.8 | EPSS 0.0112
Exploits: 0 | References: 5 | Affected Software: 3

Oracle linux
added 2017/02/20 12:0 a.m. | 62 views

openssl security update

1.0.1e-48.4 - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts...

CVSS 7.5 | AI score 4.4 | EPSS 0.57595
Exploits: 2

Hacker One
added 2017/02/19 8:13 a.m. | 188 views

Khan Academy: SSL/TLS Vulnerability at khanacademy.org

CVE-2011-3389 Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle...

CVSS 5 | AI score 0.7 | EPSS 0.95707
Exploits: 7

Hacker One
added 2017/02/18 8:36 p.m. | 228 views

Open-Xchange: SSL Certification Expired And TLS Vulnerability

I Found SSL Certification Expired at https://licenses.dovecot.fi/ I Found Vulnerability CVE-2016-2183 lists.dovecot.fi CVE-2016-2183 Description : A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover...

CVSS 5 | AI score 0.2 | EPSS 0.95707
Exploits: 7

Tenable Nessus
added 2017/02/15 12:0 a.m. | 250 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...

CVSS 10 | AI score 7.4 | EPSS 0.77906
Exploits: 3 | References: 17

Tenable Nessus
added 2017/02/15 12:0 a.m. | 47 views

Amazon Linux AMI : openldap (ALAS-2017-799)

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security...

CVSS 7.5 | AI score 6.3 | EPSS 0.05333
Exploits: 0 | References: 2

Amazon
added 2017/02/14 12:0 a.m. | 32 views

Medium: openldap

Issue Overview: A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. Affected Packages: openldap Issue Correction: Run yum update openldap or yum update --advisory ALAS-2017-799 to updat...

CVSS 7.5 | AI score 7.7 | EPSS 0.05333
Exploits: 0

Amazon
added 2017/02/14 12:0 a.m. | 48 views

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...

CVSS 9.6 | AI score 8.8 | EPSS 0.95707
Exploits: 13

Cent OS
added 2017/02/13 5:16 p.m. | 302 views

java security update

CentOS Errata and Security Advisory CESA-2017:0269 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common...

CVSS 9.6 | AI score 7.2 | EPSS 0.95707
Exploits: 13 | References: 7

Tenable Nessus
added 2017/02/13 12:0 a.m. | 57 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0441-1)

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results bsc1009528 - CVE-2017-3731: Truncated packet could crash via OO...

CVSS 7.5 | AI score 7.6 | EPSS 0.57595
Exploits: 1 | References: 15