731 matches found
bro -- invalid memory access or heap buffer over-read
Jon Siwek of Corelight reports: This is a security patch release to address a potential Denial of Service vulnerability: The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyz...
OPENSUSE-SU-2019:2017-1 Recommended update for putty
This update for putty fixes the following issues: Update to new upstream release 0.72 boo1144547, boo1144548 Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFTP and...
Recommended update for putty (moderate)
openSUSE Security Update: Recommended update for putty Announcement ID: openSUSE-SU-2019:2017-1 Rating: moderate References: 1144547 1144548 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2019:1985-1)
The remote host is missing an update for the...
OPENSUSE-SU-2019:1985-1 Recommended update for putty
This update for putty fixes the following issues: Update to new upstream release 0.72 boo1144547, boo1144548 Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFTP and...
Recommended update for putty (moderate)
openSUSE Security Update: Recommended update for putty Announcement ID: openSUSE-SU-2019:1985-1 Rating: moderate References: 1144547 1144548 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that contains security fixes can now be installed. Description: This update for putty fix...
The vulnerability of the gsskrb5_extract_authz_data_from_sec_context_ex function in the gssapi module of the Secret Net Studio security system allows an attacker to cause a service failure.
The vulnerability of the gsskrb5_extract_authz_data_from_sec_context_ex function in the gssapi module of the Secret Net Studio security system is related to the lack of checks for the execution of the memory allocation command. Exploiting this vulnerability could allow a remote attacker to cause service...
Fedora 30 : openssh (2019-0f4190cdb0)
New upstream release with significantly reworked PKCS11 support, GSSAPI key exchange and several fixes for CVE-2019-6111 and CVE-2019-6109. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Authorization Bypass
PostgreSQL is vulnerable to authorization bypass because it did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploi...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service (DoS). The vulnerability is a buffer over-read that occurs when invalid tokens are injected into the GSSAPI application session...
UBUNTU-CVE-2019-10894
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called...
CVE-2017-2659
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
Authentication flaw
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
CVE-2017-2659
CVE-2017-2659 affects dropbear prior to 2013.59, where GSSAPI authentication failures are incorrectly counted toward the maximum password attempts when an invalid username is supplied. This leaks whether a username is valid or invalid during authentication, exposing a side channel that can aid cr...
openSUSE Security Update : python-paramiko (openSUSE-2019-129)
This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: CVE-2018-1000805: Fixed an authentication bypass in authhandler.py bsc1111151. Non-security issue fixed: Disable experimental gssapi support bsc1115769. This update was imported from the...
Security update for python-paramiko (important)
openSUSE Security Update: Security update for python-paramiko Announcement ID: openSUSE-SU-2019:0129-1 Rating: important References: 1111151 1115769 1121846 Cross-References: CVE-2018-1000805 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now...