openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability...
Microsoft Warns Fraudulent Certificate Could Lead to MiTM Attacks
Microsoft has blacklisted a phony SSL certificate that’s been making the rounds and is in the process of warning the general public that the certificate could be leveraged to stage man-in-the-middle attacks. In a security advisory published yesterday the company stressed that an improper...
Key pinning bypasses — Mozilla
Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address. This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connectio...
CentOS Update for thunderbird CESA-2011:1243 centos5 x86_64
The remote host is missing an update for the...
CentOS Update for seamonkey CESA-2011:1244 centos4 x86_64
The remote host is missing an update for the...
Attackers Can Use 'Self-Destruct' Feature to Kill Flame
The attackers behind Flame can easily clean up compromised computers, according to research by security firm Symantec, which found that some attackers have been able to use command-and-control (C&C) servers to completely remove the malware from certain machines. According to a post on Symantec’s...
CentOS Update for seamonkey CESA-2011:1244 centos4 i386
The remote host is missing an update for the...
RedHat Update for firefox RHSA-2011:1242-01
The remote host is missing an update for the...
CentOS 4 : seamonkey (CESA-2011:1244)
Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2011:1242 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2011-September/079876.html https://lists.centos.org/pipermail/centos-announce/2011-September/079877.html...
RHEL 4 : seamonkey (RHSA-2011:1244)
Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML...
New Versions of Chrome and Firefox Disable DigiNotar Root
Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an...
DigiNotar Says Its CA Infrastructure Was Compromised
VASCO, the parent company of DigiNotar, says that the fraudulent certificate for Google’s domains that the certificate authority issued was just one of many such bogus certificates it handed out in recent months, and blamed the growing scandal on an attack on its CA infrastructure. In a statement...
Protection against fraudulent DigiNotar certificates — Mozilla
Description: Google Chrome user alibo encountered an active "man in the middle" (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview: Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact: An attacker could manipulate environment variables and/or spoof the client to access We...