274 matches found

IBM Security Bulletins
added 2018/06/17 5:8 a.m., 17 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Rational Integration Tester and Rational Test Control Panel in Rational Test Workbench, Rational Test Control Panel and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server Vulnerability Detail...

5.9 CVSS, 0.0107 EPSS
Exploits: 0, Affected Software: 3

Microsoft KB
added 2018/02/14 12:0 a.m., 2 views

Update to add SHA-2 authentication endpoint support for WSUS in Windows Server 2008 SP2

Summary: This update provides support of the Secure Hash Algorithm-2 (SHA-2) server authentication endpoint for Windows Server Update Services (WSUS) in Windows Server 2008 Service Pack 2 (SP2). How to get this updat...

6.9 AI score
Exploits: 0

Debian
added 2018/01/07 10:38 p.m., 69 views

[SECURITY] [DLA 1232-1] linux security update

Package : linux Version : 3.2.96-3 CVE ID : CVE-2017-5754 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5754...

7.8 CVSS, 7.1 AI score, 0.89689 EPSS
Exploits: 3

Tenable Nessus
added 2018/01/04 12:0 a.m., 102 views

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0011-1) (Meltdown) (Spectre)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with...

7.8 CVSS, 7.8 AI score, 0.9427 EPSS
Exploits: 24, References: 65

RedhatCVE
added 2017/12/21 2:49 p.m., 37 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), ...

7.8 CVSS, 3.8 AI score, 0.00014 EPSS
Exploits: 0, References: 1

NVD
added 2017/12/20 11:29 p.m., 15 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to caus...

7.8 CVSS, 7.4 AI score, 0.00014 EPSS
Exploits: 0, References: 21

CVE
added 2017/12/20 11:0 p.m., 200 views

CVE-2017-17806

CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...

7.8 CVSS, 7.4 AI score, 0.00014 EPSS
Exploits: 0, References: 21, Affected Software: 1

Cvelist
added 2017/12/20 11:0 p.m., 23 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to caus...

7.5 AI score, 0.00014 EPSS
Exploits: 0, References: 21

Tenable Nessus
added 2017/07/13 12:0 a.m., 33 views

Virtuozzo 7 : java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc (VZLSA-2017-0061)

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives...

9.6 CVSS, 6.9 AI score, 0.06252 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2017/06/07 12:0 a.m., 51 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...

7.7 CVSS, 6.8 AI score, 0.01511 EPSS
Exploits: 2, References: 8

Veracode
added 2017/05/26 7:6 a.m., 11 views

Weak Hash Algorithm Without Salt

dolibarr/dolibarr is vulnerable to using a weak hash algorithm without salt. The library does not encrypt its passwords with a salt, meaning that the password hash stored on the system can be easily brute forced...

9.8 CVSS, 6.6 AI score, 0.00156 EPSS
Exploits: 3, References: 2, Affected Software: 1

RedHat Linux
added 2017/05/10 12:44 p.m., 3 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2017/05/10 12:43 p.m., 0 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

Microsoft KB
added 2017/05/09 7:0 a.m., 35 views

Security Only update for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 8.1 and Windows Server 2012 R2: May 9, 2017

Notice May 30, 2017 If you install the .NET Framework Security and Quality rollups for May...

7.5 CVSS, 7.7 AI score, 0.01092 EPSS
Exploits: 0

RedHat Linux
added 2017/04/24 11:16 a.m., 2 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2017/04/24 11:16 a.m., 1 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2017/04/24 11:16 a.m., 1 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2017/04/21 2:10 a.m., 1 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits: 0, References: 5

n0where
added 2017/04/10 4:27 a.m., 128 views

Automated Modular Cryptanalysis Tool: FeatherDuster

Automated Modular Cryptanalysis Tool FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and...

7.1 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2017/01/13 12:0 a.m., 61 views

CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives...

9.6 CVSS, 7 AI score, 0.06252 EPSS
Exploits: 0, References: 8