137 matches found

IBM Security Bulletins
added 2025/12/03 11:23 a.m., views: 4

Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).

Summary: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885). The FIPS 140-2 Bouncy Castle Crypto package has been updated in order to address the vulnerability. Vulnerability...

CVSS 6.3, AI score 6.7, EPSS 0.00121
Exploits: 0, Affected Software: 1

HackRead
added 2025/10/09 12:10 p.m., views: 1

Lightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation

Newark, United States, 9th October 2025, CyberNewsWire...

AI score 7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., views: 2

EUVD-2013-4050

Malware in sbrugna...

CVSS 4.3, AI score 6, EPSS 0.01172
Exploits: 2, References: 13

EUVD
added 2025/10/07 12:30 a.m., views: 0

EUVD-2016-0341

Malware in sbrugna...

CVSS 5.9, AI score 6, EPSS 0.00264
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., views: 3

EUVD-2013-4060

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.00832
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., views: 1

EUVD-2023-31094

Malicious code in bioql PyPI...

CVSS 4.6, AI score 5.2, EPSS 0.00337
Exploits: 0, References: 1

Fedora
added 2024/09/12 1:28 a.m., views: 11

[SECURITY] Fedora 40 Update: wolfssl-5.7.2-2.fc40

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well...

CVSS 8.8, AI score 8.8, EPSS 0.00232
Exploits: 0

Tenable Nessus
added 2024/08/22 12:0 a.m., views: 13

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42229)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42229 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer...

CVSS 4.1, AI score 6.2, EPSS 0.00016
Exploits: 0, References: 2

RedhatCVE
added 2024/08/01 9:24 p.m., views: 21

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, AI score 6.3, EPSS 0.00016
Exploits: 0, References: 4

OSV
added 2024/07/30 8:15 a.m., views: 3

AZL-47204 CVE-2024-42229 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, AI score 6.5, EPSS 0.00016
Exploits: 0, References: 1

NVD
added 2024/07/30 8:15 a.m., views: 19

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, EPSS 0.00016
Exploits: 0, References: 9

OSV
added 2024/07/30 8:15 a.m., views: 1

DEBIAN-CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, AI score 5.6, EPSS 0.00016
Exploits: 0, References: 1

UbuntuCve
added 2024/07/30 8:15 a.m., views: 14

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, AI score 6.5, EPSS 0.00016
Exploits: 0, References: 33

OSV
added 2024/07/30 7:47 a.m., views: 15

CVE-2024-42229 crypto: aead,cipher - zeroize key buffer after use

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1, AI score 6.4, EPSS 0.00016
Exploits: 0, References: 12

CVE
added 2024/07/30 7:47 a.m., views: 305

CVE-2024-42229

CVE-2024-42229 concerns a Linux kernel cryptography hardening issue in the AEAD/cipher path. The description states that after cryptographic operations, the key buffer must be zeroized, in line with I.G 9.7.B for FIPS 140-3 guidance. The fix involves zeroizing buffers that previously held private...

CVSS 4.1, AI score 6.6, EPSS 0.00016
Exploits: 0, References: 9, Affected Software: 1

Vulnrichment
added 2024/07/30 7:47 a.m., views: 13

CVE-2024-42229 crypto: aead,cipher - zeroize key buffer after use

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

AI score 6.8, EPSS 0.00016
Exploits: 0, References: 8

Filippo.io
added 2024/06/26 2:24 p.m., views: 14

XAES-256-GCM

About a year ago I wrote that “I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing.” Well, there is now an XAES-256-GCM specification. Had to give up on the /11 part, but that was just a performance optimization. XAES-256-GCM is an...

AI score 7.2
Exploits: 0

OSV
added 2024/04/09 4:8 p.m., views: 9

SUSE-SU-2024:1179-1 Security update for gnutls

This update for gnutls fixes the following issues: Security issues fixed: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange bsc1208143. - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange bsc1217277. - CVE-2024-0567: Fixed an incorrect rejection of...

CVSS 7.5, AI score 7.1, EPSS 0.03615
Exploits: 3, References: 17

Tenable Nessus
added 2024/01/11 12:0 a.m., views: 28

Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0217)

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

CVSS 7.5, AI score 7.4, EPSS 0.0086
Exploits: 0, References: 5

Tenable Nessus
added 2023/12/28 12:0 a.m., views: 21

NetApp ONTAP 9.12.1P8 / 9.13.1P4 / 9.13.1P5 Information Disclosure (NTAP-20231215-0001)

The version of NetApp ONTAP running on the remote host is 9.12.1P8, 9.13.1P4 or 9.13.1P5. It is, therefore, affected by an information disclosure vulnerability as detailed in the NTAP-20231215-0001 advisory. All SAS-attached FIPS 140-2 drives become unlocked after a system reboot or power cycle a...

CVSS 4.6, AI score 5.2, EPSS 0.00337
Exploits: 0, References: 2