39 matches found
Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, and Logjam affect WebSphere Application Server shipped with SmartCloud Provisioning
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by WebSphere Application Server shipped with IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
Simple OpenVPN Raspberry Pi Installer: piVPN
Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....
Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize
And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Pri...
CVE-2016-0701
The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...
Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws
Apple has released updates to patch dozens of security vulnerabilities in iOS and OS X Yosemite operating system. The updates include iOS 8.4 version of the mobile operating system, OS X Yosemite 10.10.4 and Security Update 2015-005. iOS 8.4 Update The iOS 8.4 update includes patches for over 20...
RHEL 5 : openssl (RHSA-2015:1197) (Logjam)
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...
nss security update
CentOS Errata and Security Advisory CESA-2015:1185 Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact...
PuTTY < 0.64 Multiple Information Disclosure Vulnerabilities
The remote host has a version of PuTTY installed that is prior to 0.64. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to clear SSH-2 private key information from the memory during the saving or loading of key files to...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216 , CVE-2014-4219 A format string flaw was discovered in the Hotsp...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. CVE-2013-1740 A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker coul...
Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
CentOS Update for nss-util CESA-2014:0917 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base...
RedHat Update for java-1.7.0-openjdk RHSA-2014:0890-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716)
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discovered in the Hotspo...
Null pointer dereference
The publickeyfromprivatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a "Client: Diffie-Hellman Key Exchange Init" packet...
Microsoft security advisory: Updated support for Diffie-Hellman Key Exchange
None None...