EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1112)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

openSUSE Security Update : gnutls (openSUSE-2019-746)

This update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirtee...

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

Security Bulletin: Public disclosed vulnerability from Nimbus-JOSE-JWT affects IBM Spectrum LSF

Summary Public disclosed vulnerability from Nimbus-JOSE-JWT affects IBM Spectrum LSF Vulnerability Details CVE-2017-16007 BDSA-2017-0101 Nimbus JOSE+JWT implemented the ECDH-ES encryption option of the 'JSON Web Encryption' standard in a way that is vulnerable to cryptanalysis. This would enable ...

WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing

?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018 Public Disclosure Date: 14.02.2019 Exploit Author: GeekHack Contact: https://t.me/GeekHack Vendor Homepage: https://globee.com/...

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-1026)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...

Burp HMAC header extensions, a how-to

I was recently on a test where the client’s API used a custom authentication scheme to add a SHA256 HMAC dynamically on each request, based on the URL, time, and message body. My normal go-to for API testing is Postman especially when your client is lovely enough to give you definitions you can...

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1005)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)

This update for gnutls fixes the following security issues : Improved mitigations against Lucky 13 class of attacks CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen atta...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2018-1444)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4301 advisory. - mnt: Prevent pivotroot from creating a loop in the mount tree Eric W. Biederman Orabug: 26575709 CVE-2014-7970 CVE-2014-7970 - vfs: more mntparen...

Amazon Linux 2 : gnutls (ALAS-2018-1120)

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4299)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4299 advisory. - xfs: don't call xfsdashrinkinode with NULL bp Eric Sandeen Orabug: 28898616 CVE-2018-13094 - ALSA: rawmidi: Change resized buffers atomically...

Medium: gnutls

Issue Overview: It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted...

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2452-2)

This update for libgcrypt fixes the following issues : The following security vulnerability was addressed : CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed: Extended the fipsdrv dsa-sign and dsa-verify...

Oracle Linux 7 : gnutls (ELSA-2018-3050)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3050 advisory. - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704, CVE-2018-10845, 1589707 - Added counter-measures for...

gnutls security, bug fix, and enhancement update

3.3.29-8.0.1 - Include ECDSA KAT into selftests for FIPS140-2 compliance Orabug 27484156 3.3.29-8 - Backported --sni-hostname option which allows overriding the hostname advertised to the peer 1444792 - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704...

Debian: Security Advisory (DLA-1560-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

RHEL 7 : gnutls (RHSA-2018:3050)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3050 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...