SUSE-SU-2021:2857-1 Security update for 389-ds

This update for 389-ds fixes the following issues: - Update to version 1.4.3.24 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...

OPENSUSE-SU-2021:2801-1 Security update for 389-ds

This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...

SUSE-SU-2021:2801-1 Security update for 389-ds

This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...

Security update for 389-ds (moderate)

openSUSE Security Update: Security update for 389-ds Announcement ID: openSUSE-SU-2021:2801-1 Rating: moderate References: 1188151 1188455 Cross-References: CVE-2021-3652 CVSS scores: CVE-2021-3652 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 An...

389-ds:1.4 security and bug fix update

1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...

Debian DLA-2735-1 : ceph - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory. - It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2021-3079)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3079 advisory. 1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync- plugin...

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

Low: Red Hat Security Advisory: 389-ds:1.4 security and bug fix update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Low: 389-ds:1.4 security and bug fix update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succee...

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

SYS.2.3.A19

Festplatten oder die darauf abgespeicherten Dateien SOLLTEN verschluesselt werden. Die dazugehoerigen Schluessel SOLLTEN NICHT auf dem IT-System gespeichert werden. Es SOLLTEN AEAD-Verfahren Authenticated Encryption with Associated Data bei der Festplatten- und Dateiverschluesselung eingesetzt...

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

UBUNTU-CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

Buffer overflow

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

CVE-2020-1921

CVE-2020-1921 affects HHVM: the crypt function may terminate a buffer using the salt length without verifying the offset lies inside the buffer. Affected HHVM versions include before 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The initial description provides the vulnerable condition...

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

Katy Voor HHVM 缓冲区错误漏洞

Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a crypt function that allows the size of the input salt to be null to terminate the buffer witho...

Canonical Ubuntu Remote-login-service Encryption Issue Vulnerability

Canonical Ubuntu is a desktop-oriented GNU/Linux operating system from the British company Canonical. A security vulnerability exists in Canonical Ubuntu's remote-login-service service, which stems from an insecure encryption algorithm used to cache usernames and passwords in crypt.c of...