
106 matches found

Mageia
added 2018/03/19 12:13 p.m., 57 views

Updated libvorbis packages fix security vulnerability

libvorbis can write out of bounds on codebook decoding when processing malformed Vorbis audio data (CVE-2018-5146)...

8.8 CVSS, 2.5 AI score, 0.55641 EPSS
Exploits: 0, References: 3

Debian
added 2018/03/16 7:50 p.m., 48 views

[SECURITY] [DSA 4140-1] libvorbis security update

Debian Security Advisory DSA-4140-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 16, 2018 https://www.debian.org/security/faq ...

8.8 CVSS, 8.2 AI score, 0.55641 EPSS
Exploits: 0

OpenVAS
added 2018/03/15 12:0 a.m., 40 views

Debian: Security Advisory (DSA-4141-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 9.6 AI score, 0.01425 EPSS
Exploits: 0, References: 4

CNVD
added 2017/12/12 12:0 a.m., 2 views

Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00677)

Elemental Path's CogniToys Dino is a smart toy from Elemental Path (USA) that is capable of voice communication with children. An information disclosure vulnerability exists in Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier, which stems from the program's use of AES-1...

5.9 CVSS, 6.3 AI score, 0.00251 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2017/08/10 12:0 a.m., 3 views

The vulnerability of the mod_session_crypto module in the Apache HTTP Server allows attackers to perform attacks like Padding Oracle.

The vulnerability of the mod_session_crypto module in the Apache HTTP Server is related to encryption algorithm errors. The mod_session_crypto module encrypts its data/cookies using configured encryption algorithms with CBC or ECB modes (AES256-CBC by default). Therefore, there is no optional or built-...

5 CVSS, 7.2 AI score, 0.34285 EPSS
Exploits: 4, References: 7

OSV
added 2016/12/22 12:0 a.m., 1 views

UBUNTU-CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5 CVSS, 7.1 AI score, 0.34285 EPSS
Exploits: 4, References: 5

Tenable Nessus
added 2016/06/28 12:0 a.m., 22 views

GLSA-201606-19 : kwalletd: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201606-19 (kwalletd: Information disclosure). Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact: Local attackers, with access to the password store, could conduct a codebo...

5 CVSS, 5.5 AI score, 0.00431 EPSS
Exploits: 1, References: 2

Gentoo Linux
added 2016/06/27 12:0 a.m., 21 views

kwalletd: Information disclosure

Background: Kwalletd is a credentials management application for KDE. Description: Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact: Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...

5 CVSS, 6.4 AI score, 0.00431 EPSS
Exploits: 1

Japan Vulnerability Notes
added 2015/08/27 6:3 a.m., 4 views

File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

Overview: File encryption software "ED" contains an issue where files of small size, when encrypted, may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size (128 bits), file encryption software "ED"...

2.6 CVSS, 6.5 AI score, 0.00231 EPSS
Exploits: 0, References: 7

Mageia
added 2015/01/31 1:23 p.m., 34 views

Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack (CVE-2013-7252). This...

5 CVSS, 2.8 AI score, 0.00431 EPSS
Exploits: 1, References: 6

OSV
added 2015/01/18 6:59 p.m., 0 views

UBUNTU-CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

5 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 1, References: 3

UbuntuCve
added 2015/01/18 6:59 p.m., 18 views

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

5 CVSS, 5.9 AI score, 0.00431 EPSS
Exploits: 1, References: 2

NVD
added 2015/01/18 6:59 p.m., 15 views

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

5 CVSS, 6.3 AI score, 0.00431 EPSS
Exploits: 1, References: 7

CVE
added 2015/01/18 6:0 p.m., 52 views

CVE-2013-7252

KWallet's kwalletd (KWallet before KDE Applications 14.12.0) uses Blowfish with ECB mode to encrypt the password store instead of CBC, enabling codebook-style attacks to guess passwords when the password store is accessible. This vulnerability is documented across multiple advisories (GLSA-201606...

5 CVSS, 6.4 AI score, 0.00431 EPSS
Exploits: 1, References: 7, Affected Software: 1

Cvelist
added 2015/01/18 6:0 p.m., 21 views

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

6.2 AI score, 0.00431 EPSS
Exploits: 1, References: 7

Debian CVE
added 2015/01/18 6:0 p.m., 22 views

CVE-2013-7252

Removed by vendor...

5 CVSS, 6.7 AI score, 0.00431 EPSS
Exploits: 1

OSV
added 2012/09/15 5:55 p.m., 0 views

UBUNTU-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3 CVSS, 5.8 AI score, 0.00603 EPSS
Exploits: 0, References: 3

seebug.org
added 2008/05/17 12:0 a.m., 41 views

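libvorbis Multiple Buffer Overflow Vulnerabilities

BUGTRAQ ID: 29206 CVE(CAN) ID: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 libvorbis is an open-source audio and music encoding/decoding library. libvorbis has vulnerabilities when processing malformed OGG files, which remote attackers may exploit to take control of a user's system. If a specially crafted OGG file contains a codebook with a dimension of 0, opening the file causes applications that use the libvorbis library to crash, enter an infinite loop, or suffer a heap overflow...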

9.3 CVSS, 0.1 AI score, 0.13143 EPSS
Exploits: 2

OSV
added 2008/05/16 12:54 p.m., 2 views

DEBIAN-CVE-2008-1419

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow...

4.3 CVSS, 8.4 AI score, 0.13143 EPSS
Exploits: 2, References: 1

Snyk
added 2008/05/16 12:54 p.m., 1 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation. Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow...

4.3 CVSS, 6.8 AI score, 0.13143 EPSS
Exploits: 2, References: 2