1332 matches found
Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-1228)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1228 advisory. 1:1.8.0.51-1.b16 - Add md5sum for January 2015 java.security update so it gets updated this time. - Resolves: rhbz1235162 1:1.8.0.51-0.b16 - July...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1228) (Bar Mitzvah) (Logjam)
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
java security update
CentOS Errata and Security Advisory CESA-2015:1230 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20150625) (Logjam)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman DH key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. CVE-2015-4000 Note: This update forces the...
Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws
Apple has released updates to patch dozens of security vulnerabilities in iOS and OS X Yosemite operating system. The updates include iOS 8.4 version of the mobile operating system, OS X Yosemite 10.10.4 and Security Update 2015-005. iOS 8.4 Update The iOS 8.4 update includes patches for over 20...
RedHat Update for openssl RHSA-2015:1197-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
RHEL 5 : openssl (RHSA-2015:1197) (Logjam)
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...
CentOS Update for nss-util CESA-2015:1185 centos6
Check the version of nss-util SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882208";...
RedHat Update for nss RHSA-2015:1185-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nss security update
CentOS Errata and Security Advisory CESA-2015:1185 Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact...
Moderate: Red Hat Security Advisory: nss security update
Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE Elliptic Curve Diffie-Hellman key Exchange. A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection...
Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This...
BSA-2015-1935
Security Advisory ID : BSA-2015-1935 Component : TLS protocol 1.2 Revision : 5.0 The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct...
Medium: openssl
Issue Overview: LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient...