10 matches found

IBM Security Bulletins
added 2022/09/08 12:9 a.m. | 41 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol,...

5 CVSS | 6.5 AI score | 0.2382 EPSS
Exploits 0 | Affected Software 2

Oracle linux
added 2019/12/11 12:0 a.m. | 80 views

nss, nss-softokn, nss-util security update

nss 3.44.0-7 - Increase timeout on sslgtest so that slow platforms can complete when running on a busy system. 3.44.0-6 - back out out-of-bounds patch patch for nss-softokn. - Fix segfault on empty or malformed ecdh keys 1777712 3.44.0-5 - Fix out-of-bounds write in NSCEncryptUpdate 1775910...

8.8 CVSS | 1.2 AI score | 0.00939 EPSS
Exploits 2

Oracle linux
added 2019/12/11 12:0 a.m. | 137 views

nss-softokn security update

3.44.0-6.0.1 - Add fips140-2 DSA Known Answer Test fix Orabug 26696773 - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix Orabug 26617866, Orabug 26617833, Orabug 26617780 3.44.0-6 - Fix out-of-bounds write in NSCEncryptUpdate 1775909...

8.8 CVSS | 2.2 AI score | 0.00939 EPSS
Exploits 0

Oracle linux
added 2018/11/05 12:0 a.m. | 515 views

gnutls security, bug fix, and enhancement update

3.3.29-8.0.1 - Include ECDSA KAT into selftests for FIPS140-2 compliance Orabug 27484156 3.3.29-8 - Backported --sni-hostname option which allows overriding the hostname advertised to the peer 1444792 - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704...

5.9 CVSS | 0.8 AI score | 0.00766 EPSS
Exploits 0

IBM Security Bulletins
added 2018/06/17 3:0 p.m. | 14 views

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Application Server shipped with Tivoli Netcool Performance Manager (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" for SSL/TLS may affect some configurations of WebSphere Application Server as a component of IBM Tivoli Netcool Performance Manager. NOTE: If you are configured for FIPS140-2, Suite B or SP800-131 in your SecuritySSL certificate and key management then you are not...

5 CVSS | 0.5 AI score | 0.2382 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 12:10 p.m. | 39 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Content Collector for SAP Applications (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Content Collector for SAP Applications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...

5 CVSS | 0.4 AI score | 0.2382 EPSS
Exploits 0 | Affected Software 1

Talos
added 2017/06/22 12:0 a.m. | 35 views

InsideSecure MatrixSSL x509 certificate IssuerDomainPolicy Remote Code Execution Vulnerability

Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...

9.8 CVSS | 9.1 AI score | 0.03424 EPSS
Exploits 2

Tenable Nessus
added 2016/10/26 12:0 a.m. | 21 views

IBM WebSphere Application Server 7.0 < 7.0.0.41 Multiple Vulnerabilities

Binary data 9701.prm...

5.9 CVSS | 5 AI score | 0.00264 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2016/01/08 12:0 a.m. | 40 views

Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0012 advisory. 3.3.8-14 - Prevent downgrade attack to RSA-MD5 in server key exchange. 3.3.8-13 - Corrected reseed and respect of maxnumberofbitsperrequest in FIPS140-2 mod...

5.9 CVSS | 7.7 AI score | 0.0107 EPSS
Exploits 0 | References 2

Oracle linux
added 2016/01/07 12:0 a.m. | 54 views

gnutls security update

3.3.8-14 - Prevent downgrade attack to RSA-MD5 in server key exchange. 3.3.8-13 - Corrected reseed and respect of maxnumberofbitsperrequest in FIPS140-2 mode. Also enhanced the initial tests. 1228199...

4.3 CVSS | 2.9 AI score | 0.0107 EPSS
Exploits 0