SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...

SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)

Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...

[SECURITY] [DLA 407-1] prosody security update

Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attackers domain as a suffix. For example, bber.example would be able to connect to jabber.example an...

OracleVM 3.3 : bind (OVMSA-2014-0084)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...

Design/Logic Flaw

Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

CVE-2013-4442

Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

CVE-2013-4442

Pwgen (Password Generator) prior to version 2.07 was vulnerable because it used weak pseudo-random numbers when /dev/urandom was unavailable, allowing context-dependent attackers to potentially guess generated passwords. Public advisories and OSV/NVD records describe fixes in pwgen-2.07 and later...

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su...

CVE-2011-3263

zabbixagentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service CPU consumption by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device...

[SECURITY] Fedora 14 Update: libHX-3.6-1.fc14

A library for: - rbtree with key-value pair extension - deques double-ended queues Stacks LIFO / Queues FIFOs - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option argv parser...

linux/x86 cat /dev/urandom > /dev/console, just for kicks - 63 bytes

No description provided by source. / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik [email protected] / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push $0x6d6f646e "\x68\x2f\x75\x72\x61" // push $0x6172752f...

CentOS 4 : cyrus-sasl (CESA-2007:0795)

An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sasl package contains the Cyrus implementation...

cyrus security update

CentOS Errata and Security Advisory CESA-2007:0795 An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The...

Moderate: Red Hat Security Advisory: cyrus-sasl security and bug fix update

An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sasl package contains the Cyrus implementation...

linux/x86 cat /dev/urandom > /dev/console just for kicks - 63 bytes

No description provided by source. / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik [email protected] / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push $0x6d6f646e "\x68\x2f\x75\x72\x61" // push $0x6172752f...

linux/x86 cat /dev/urandom > /dev/console 63 bytes

linux/x86 cat /dev/urandom /dev/console, just for kicks - 63 bytes. Shellcode exploit for linx86 platform / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push...

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

CVE-1999-1285

CVE-1999-1285 affects Linux kernels 2.1.132 and earlier. A local attacker can cause a denial of service by reading a large buffer from a random device (e.g., /dev/urandom) that cannot be interrupted until the read completes. The provided documents specify the vulnerability and impact (resource ex...