5832 matches found

IBM Security Bulletins
added 2024/07/30 2:54 p.m., 24 views

Security Bulletin: Timing Oracle in GSKit.

Summary: A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details: CVEID: CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...

CVSS 7.5, AI score 7.3, EPSS 0.00058
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/07/25 12:00 a.m., 26 views

SUSE SLES15 Security Update : mozilla-nss (SUSE-SU-2024:2600-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2600-1 advisory. - FIPS: Added more safe memset bsc1222811. - FIPS: Adjusted AES GCM restrictions bsc1222830. - FIPS: Adjusted approved ciphers bsc1222813,...

CVSS 6.5, AI score 7.8, EPSS 0.00245
Exploits: 0, References: 20
OSV
added 2024/07/23 12:00 a.m., 9 views

ALSA-2024:4762 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the security issues, including the impact...

CVSS 7.5, AI score 8, EPSS 0.01379
Exploits: 0, References: 4
BDU FSTEC
added 2024/07/22 12:00 a.m., 1 view

The vulnerability in the web-based client of IBM Datacap Navigator software for document collection and processing involves the use of cryptographic algorithms that contain defects, allowing attackers to decrypt confidential information.

The vulnerability of the IBM Datacap Navigator software for document collection and processing lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to decrypt confidential information remotely...

CVSS 7.8, AI score 5.4, EPSS 0.00064
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2024/07/22 12:00 a.m., 15 views

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-2048)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1...

CVSS 5.9, AI score 7, EPSS 0.0076
Exploits: 0, References: 2
OpenVAS
added 2024/07/22 12:00 a.m., 16 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2048)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 7.1, EPSS 0.0076
Exploits: 0, References: 2
OpenVAS
added 2024/07/19 12:00 a.m., 15 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2008)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 5.9, EPSS 0.0076
Exploits: 0, References: 2
OpenVAS
added 2024/07/19 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for python-pycryptodome (EulerOS-SA-2024-1992)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 2
OpenVAS
added 2024/07/19 12:00 a.m., 15 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1990)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 5.9, EPSS 0.0076
Exploits: 0, References: 2
Tenable Nessus
added 2024/07/18 12:00 a.m., 26 views

EulerOS Virtualization 2.10.1 : python-cryptography (EulerOS-SA-2024-2008)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing ...

CVSS 5.9, AI score 6.9, EPSS 0.0076
Exploits: 0, References: 2
Tenable Nessus
added 2024/07/18 12:00 a.m., 28 views

EulerOS Virtualization 2.10.0 : python-pycryptodome (EulerOS-SA-2024-1992)

According to the versions of the python-pycryptodome package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger...

CVSS 5.9, AI score 6.9, EPSS 0.00074
Exploits: 0, References: 2
Tenable Nessus
added 2024/07/18 12:00 a.m., 17 views

EulerOS Virtualization 2.10.0 : python-cryptography (EulerOS-SA-2024-1990)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing ...

CVSS 5.9, AI score 6.9, EPSS 0.0076
Exploits: 0, References: 2
Tenable Nessus
added 2024/07/18 12:00 a.m., 24 views

EulerOS Virtualization 2.10.1 : python-pycryptodome (EulerOS-SA-2024-2010)

According to the versions of the python-pycryptodome package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger...

CVSS 5.9, AI score 6.9, EPSS 0.00074
Exploits: 0, References: 2
IBM Security Bulletins
added 2024/07/17 3:21 p.m., 34 views

Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)

Summary: Vulnerability with The Bouncy Castle Crypto CVE-2024-29857, Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172. This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details: CVEID: CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...

CVSS 7.5, AI score 7, EPSS 0.00252
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/07/17 12:00 a.m., 22 views

openSUSE 15 Security Update : Botan (openSUSE-SU-2024:0201-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0201-1 advisory. Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607...

CVSS 7.5, AI score 7.4, EPSS 0.00449
Exploits: 0, References: 10
RedhatCVE
added 2024/07/16 6:55 p.m., 17 views

CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...

CVSS 5.5, AI score 8.2, EPSS 0.0001
Exploits: 0, References: 4
RedHat Linux
added 2024/07/16 6:43 p.m., 18 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5, AI score 7.2, EPSS 0.01379
Exploits: 0, References: 2
RedHat Linux
added 2024/07/16 6:43 p.m., 4 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS 7.5, AI score 7.2, EPSS 0.01379
Exploits: 0, References: 9
OSV
added 2024/07/16 6:28 a.m., 10 views

OPENSUSE-SU-2024:0201-1 Security update for Botan

This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...

CVSS 7.5, AI score 6, EPSS 0.00449
Exploits: 0, References: 7
SUSE CVE
added 2024/07/16 2:34 a.m., 4 views

SUSE CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...

CVSS 5.5, AI score 6.7, EPSS 0.0001
Exploits: 0, References: 15