Lucene search

5411 matches found

Tenable Nessus
added 2016/12/01 12:0 a.m., 14 views

Fedora 25 : calamares (2016-561a937494)

A security update that fixes Calamares bug CAL-405: https://calamares.io/bugs/browse/CAL-405 When installing with a LUKS-encrypted / partition, Calamares was always creating a keyfile to decode / and storing it in the initramfs. It did that even with an unencrypted separate /boot partition. As a...

5.5 AI score
Exploits: 0, References: 1

OSV
added 2016/11/19 3:3 a.m., 3 views

CVE-2016-6458

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the...

7.5 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits: 0, References: 3

Vulnerability Lab
added 2016/11/18 12:0 a.m., 99 views

CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate

Document Title: =============== CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2014 Video: https://www.youtube.com/watch?v=81Qam91pRoE Credits:...

7.2 CVSS, 6.7 AI score, 0.00459 EPSS
Exploits: 5

Vulnerability Lab
added 2016/11/18 12:0 a.m., 43 views

CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate

Document Title: =============== CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2014 Video: https://www.youtube.com/watch?v=81Qam91pRoE Credits:...

7.2 CVSS, 0.5 AI score, 0.00459 EPSS
Exploits: 5

ThreatPost
added 2016/10/27 11:31 a.m., 14 views

Windows Atom Tables Can Be Abused for Code Injection Attacks

Researchers have identified a way attackers could use atom tables in all versions of Windows to inject malicious code into a computer and bypass detection by security products at the same time. The technique has been nicknamed AtomBombing by researchers at enSilo, and opens the door to perform...

0.9 AI score
Exploits: 0, References: 2

Fedora
added 2016/10/19 6:24 a.m., 7 views

[SECURITY] Fedora 23 Update: openssh-7.2p2-6.fc23

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

2 AI score
Exploits: 0

ThreatPost
added 2016/10/17 3:25 p.m., 12 views

Free SSL Sparks Unprecedented Growth in Encrypted Traffic

If recent telemetry from Mozilla is indeed representative of the Internet, then it would appear that half of all traffic in transit is encrypted, a more than 10 percent jump from last December. The emergence of free Certificate Authorities such as Let’s Encrypt, and similar gratis HTTPS certifica...

7.3 AI score
Exploits: 0, References: 14

The Hacker News
added 2016/10/12 1:13 a.m., 13 views

Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections

In the year 2014, we came to know about the NSA's ability to break Trillions of encrypted connections by exploiting common implementations of the Diffie-Hellman key exchange algorithm – thanks to classified documents leaked by ex-NSA employee Edward Snowden. At that time, computer scientists and...

6.7 AI score
Exploits: 0

Fedora
added 2016/10/09 3:14 a.m., 16 views

[SECURITY] Fedora 25 Update: openssh-7.3p1-4.fc25

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

2 AI score
Exploits: 0

CNVD
added 2016/10/09 12:0 a.m., 2 views

Animas OneTouch Ping Information Disclosure Vulnerability

The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program not encrypting data. A remote attacker could exploit the vulnerability by sniffing a network to...

7.5 CVSS, 6.7 AI score, 0.01236 EPSS
Exploits: 0, References: 1

Fedora
added 2016/10/03 3:51 a.m., 9 views

[SECURITY] Fedora 24 Update: openssh-7.2p2-13.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

2 AI score
Exploits: 0

OSV
added 2016/09/26 3:59 p.m., 2 views

CVE-2016-5746

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf...

5.1 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits: 0, References: 10

Prion
added 2016/09/26 3:59 p.m., 14 views

Design/Logic Flaw

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf...

1.2 CVSS, 6.4 AI score, 0.00058 EPSS
Exploits: 0, References: 10, Affected Software: 1

ThreatPost
added 2016/09/16 2:11 p.m., 9 views

Bugs in Signal Messaging App Corrupt Attachments, Crash App

Makers of the mobile encrypted chat app Signal say they have fixed vulnerabilities in the Android version of the messaging app that allowed attackers to corrupt encrypted attachments and remotely crash the application. The vulnerabilities were discovered by Jean-Philippe Aumasson and Markus Vervi...

0.8 AI score
Exploits: 0, References: 1

The Hacker News
added 2016/09/15 11:13 p.m., 9 views

Using 'Signal' for Encrypted Chats? You Shouldn't Skip Its Next Update

Two Researchers have discovered a couple of vulnerabilities in Signal, the popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden. One of those vulnerabilities could allow potential attackers to add random data to the attachments of encrypted messages sent by Andro...

8.1 AI score
Exploits: 0

NVD
added 2016/09/12 10:59 a.m., 14 views

CVE-2016-5927

IBM Tivoli Storage Manager for Space Management aka Spectrum Protect for Space Management 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output...

5.5 CVSS, 5.4 AI score, 0.00052 EPSS
Exploits: 0, References: 3

OSV
added 2016/09/12 10:59 a.m., 1 views

CVE-2016-5927

IBM Tivoli Storage Manager for Space Management aka Spectrum Protect for Space Management 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output...

5.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

Prion
added 2016/09/12 10:59 a.m., 16 views

Input validation

IBM Tivoli Storage Manager for Space Management aka Spectrum Protect for Space Management 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output...

2.1 CVSS, 6.7 AI score, 0.00052 EPSS
Exploits: 0, References: 3, Affected Software: 1

n0where
added 2016/09/08 4:10 a.m., 18 views

Open Source Disk Encryption: VeraCrypt

VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume data storage device. On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an...

0.9 AI score
Exploits: 0

Tenable Nessus
added 2016/09/08 12:0 a.m., 37 views

FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)

The late Tokio Kikuchi reported : We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...

8.8 CVSS, 7.2 AI score, 0.00195 EPSS
Exploits: 0, References: 4