Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...
Microsoft Brings Perfect Forward Secrecy to Windows
Microsoft yesterday added four cryptographic cipher suites to its default priority ordering list in Windows, a move that brings Perfect Forward Secrecy to the operating system. Update 3042058 is available for now only on the Microsoft Download Center, affording users the opportunity to test the...
RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
MS KB3042058: Update to Default Cipher Suite Priority Order
The remote Windows host is missing an update to the cryptographic cipher suite prioritization. The update adds additional cipher suites and improves cipher suite priority ordering.
Vulnerability in RC4 stream cipher affects AIX; Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX; Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
IBM SECURITY ADVISORY First Issued: Mon Apr 27 15:27:04 CDT 2015 | Updated: Tue Dec 15 11:54:19 CST 2015 | Update: Added all information for ftpd, sendmail_ssl, imapd, and popd. The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/rc4advisory.a...
Oracle Linux 5 : openssl (ELSA-2015-0800)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0800 advisory. - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemer...
openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...
openssl: assertion failure in SSLv2 servers
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...
Google Chrome < 41.0.2272.76 Multiple Vulnerabilities
Apple TV < 7.0.4 Multiple Vulnerabilities
TrueCrypt Audit Cryptanalysis Finds No Backdoors
The results are in from the cryptanalysis phase of the TrueCrypt audit, and they show—nothing. Well, maybe not “nothing,” but certainly no signs of a deliberate backdoor from the NSA or any government entity, fears of which date back to the autumn of 2013, post-Snowden, and ignited talk to have t...
Vulnerability in SSL/TLS protocol encryption algorithm RC4
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are security protocols that provide security and data integrity for network communications. TLS and SSL encrypt network connections at the transport layer, and are widely used encryption protocols. A vulnerability exists in the SSL/TLS...
UBUNTU-CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...
Debian DLA-176-1 : mono security update
Three issues with Mono's TLS stack are addressed. CVE-2015-2318: Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages, which would allow various attacks on the protocol to succeed ('SKIP-TLS'). CVE-2015-2319: Mono's implementation of SSL/TLS also contained...
Debian DLA-177-1 : openssl security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0209: It was discovered that a malformed EC private key might result in memory corruption. CVE-2015-0286: Stephen...
CVE-2015-0138
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict T...
CVE-2015-0138
CVE-2015-0138 describes a FREAK-type downgrade vulnerability in IBM SSL/TLS implementations (ITDS/ISDS) where an attacker could coax a client/server into using weak EXPORT_RSA ciphers via crafted TLS traffic. Connected IBM advisories (JAVAJSSE_ADVISORY.ASC) confirm that the vulnerability is tied ...