31 matches found
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4418)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4418 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...
UBUNTU-CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...
CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...
cjose 加密问题漏洞
Cisco cjose is a C library from Cisco that implements Javascript Object Signing and Encryption JOSE. A cryptographic issue vulnerability exists in cjose that stems from the AES GCM decryption routines incorrectly using the length of the tag in the actual authentication tag provided in JWE...
Valvesoftware GameNetworkingSockets Buffer Error Vulnerability
Valvesoftware GameNetworkingSockets is a transport layer support software for games to pass data from Valvesoftware USA. A security vulnerability exists in Valve Game Networking Sockets versions prior to 1.2.0, which stems from the incorrect handling of long encrypted messages in...
wireshark security, bug fix, and enhancement update
1.8.10-17.0.2 - Fix ocfs2 dissector John Haxby orabug 21505640 1.8.10-17.0.1.el6 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.8.10-17 - security patches - Resolves: CVE-2015-2189 CVE-2015-2191 1.8.10-16 - security patches - Resolves: CVE-2014-8710 CVE-2014-8711...
Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI
A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...
Oracle Linux 6 : kernel (ELSA-2015-1081)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1081 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202860 1185166 CVE-2015-1805 - x86 crypto: aesni - fix memory usage in...
OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)
The remote OracleVM system is missing necessary patches to address critical security updates : - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077389 CVE-2015-3331 2.6.39-400.250.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807440 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...
Unbreakable Enterprise kernel security and bugfix update
kernel-uek 3.8.13-68.2.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 3.8.13-68.2.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...