CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3503 advisory. - ipc/sem.c: fully initialize semarray before making it visible Manfred Spraul Orabug: 22250043 CVE-2015-7613 - Initialize msg/shm IPC objects befo...

NIST removes Dual EC DRBG from SP 800-90A

The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...