413 matches found

Cvelist
added 2024/06/03 2:25 p.m., 21 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS, 5.2 AI score, 0.00237 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/06/03 2:25 p.m., 17 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS, 7.2 AI score, 0.00237 EPSS
Exploits: 0, References: 1

OSV
added 2024/05/23 9:27 a.m., 1 views

USN-6663-3 openssl update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to...

5.9 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 1, References: 2

Ubuntu
added 2024/05/23 9:27 a.m., 18 views

USN-6663-3: OpenSSL update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to...

5.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2024/05/14 12:0 a.m., 26 views

F5 Networks BIG-IP : libxml2 vulnerability (K000139592)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139592 advisory. An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...

6.5 CVSS, 7.2 AI score, 0.0022 EPSS
Exploits: 0, References: 2

OSV
added 2024/05/10 7:18 a.m., 4 views

SUSE-SU-2024:1587-1 Security update for go1.22

This update for go1.22 fixes the following issues: Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - CVE-2024-24788: net: high cpu usage in extractExtendedRCode bsc1224018 - cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64...

6.4 CVSS, 6.8 AI score, 0.03204 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2024/05/08 12:0 a.m., 21 views

Oracle Linux 9 : gnutls (ELSA-2024-2570)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2570 advisory. 3.8.3-4 - Bump release to ensure el9 package is greater than el9 packages 3.8.3-3 - Bump release to ensure el9 package is greater than el9 packages...

5.3 CVSS, 6.5 AI score, 0.02116 EPSS
Exploits: 0, References: 3

Oracle linux
added 2024/05/07 12:0 a.m., 42 views

gnutls security update

3.8.3-4 - Bump release to ensure el9 package is greater than el9 packages 3.8.3-3 - Bump release to ensure el9 package is greater than el9 packages 3.8.3-2 - Fix timing side-channel in deterministic ECDSA RHEL-28959 - Fix potential crash during chain building/verification RHEL-28954...

5.3 CVSS, 6.8 AI score, 0.02116 EPSS
Exploits: 0

Rockylinux
added 2024/05/06 1:4 p.m., 26 views

gnutls security update

An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls package provide the GNU Transport Layer Security GnuTLS library,...

5.3 CVSS, 6.8 AI score, 0.02116 EPSS
Exploits: 0

Amazon
added 2024/05/03 12:0 a.m., 4 views

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeab...

5.3 CVSS, 7.1 AI score, 0.02116 EPSS
Exploits: 0

Oracle linux
added 2024/04/15 12:0 a.m., 385 views

gnutls security update

3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsageneratefips1864keypair directly Orabug: 33200526 - Change Epoch from 1 to 10fips...

5.3 CVSS, 5.2 AI score, 0.02116 EPSS
Exploits: 0

Tenable Nessus
added 2024/04/15 12:0 a.m., 30 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GnuTLS vulnerabilities (USN-6733-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-1 advisory. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly us...

5.3 CVSS, 6.5 AI score, 0.02116 EPSS
Exploits: 0, References: 3

OSV
added 2024/04/12 11:7 a.m., 3 views

OESA-2024-1439 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

5.3 CVSS, 7.1 AI score, 0.02116 EPSS
Exploits: 0, References: 2

Veracode
added 2024/04/11 2:0 a.m., 31 views

Sensitive Information Disclosure

GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...

5.3 CVSS, 5.8 AI score, 0.02116 EPSS
Exploits: 0, References: 16, Affected Software: 1

AlmaLinux
added 2024/04/11 12:0 a.m., 33 views

Moderate: gnutls security update

The gnutls package provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. This package update fixes a timing side-channel in deterministic ECDSA. Security Fixes: gnutls: vulnerable to Minerva side-channel...

5.3 CVSS, 6.8 AI score, 0.02116 EPSS
Exploits: 0, References: 4

OSV
added 2024/03/21 2:15 p.m., 1 views

DEBIAN-CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3 CVSS, 5.7 AI score, 0.02116 EPSS
Exploits: 0, References: 1

NVD
added 2024/03/21 2:15 p.m., 18 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3 CVSS, 5.5 AI score, 0.02116 EPSS
Exploits: 0, References: 15

OSV
added 2024/03/21 2:15 p.m., 22 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3 CVSS, 6.9 AI score, 0.02116 EPSS
Exploits: 0, References: 14

OSV
added 2024/03/21 2:15 p.m., 0 views

UBUNTU-CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3 CVSS, 6.6 AI score, 0.02116 EPSS
Exploits: 0, References: 8

RedhatCVE
added 2024/03/21 6:8 a.m., 42 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3 CVSS, 6.4 AI score, 0.02116 EPSS
Exploits: 0, References: 5