ZkFuzz: Foundation and Framework for Effective Fuzzing of Zero-Knowledge Circuits

Zero-knowledge ZK circuits enable privacy-preserving computations and are central to many cryptographic protocols. Systems like Circom simplify ZK development by combining witness computation and circuit constraints in one program. However, even small errors can compromise security of ZK programs...

openssl security update

1.0.2k-25fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059 1:1.0.2k-25 -...

Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

nss-softokn security update

3.44.0-6.0.1 - Add fips140-2 DSA Known Answer Test fix Orabug 26696773 - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix Orabug 26617866, Orabug 26617833, Orabug 26617780 3.44.0-6 - Fix out-of-bounds write in NSCEncryptUpdate 1775909...

openssl security update

1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.1e-58 - fi...

bind9 -- denial of service

Problem description A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named8 will exit. Impact On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the...