1487 matches found
SuSE 10 Security Update : Mono (ZYPP Patch Number 6353)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents.
xmlsec1 security update
CentOS Errata and Security Advisory CESA-2009:1428 Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C...
RedHat Security Advisory RHSA-2009:1428
The remote host is missing updates announced in advisory RHSA-2009:1428. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using...
CentOS 4 / 5 : xmlsec1 (CESA-2009:1428)
Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the...
RHEL 4 / 5 : xmlsec1 (RHSA-2009:1428)
Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the...
xmlsec1 security update
1.2.9-8.1.1 - Fix a security issue on short hmac length CVE-2009-0217 - Resolves: rhbz516724...
RedHat Security Advisory RHSA-2009:1428
The remote host is missing updates announced in advisory RHSA-2009:1428. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Moderate: Red Hat Security Advisory: xmlsec1 security update
Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the...
openSUSE Security Update : bytefx-data-mysql (bytefx-data-mysql-1124)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents.
Ubuntu: Security Advisory (USN-826-1)
The remote host is missing an update for the...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252)
The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. (CVE-2009-0217) The WebStart component...
Ubuntu 8.04 LTS / 8.10 / 9.04 : mono vulnerabilities (USN-826-1)
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that Mono did not properly escape certain attributes in th...
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)
Multiple Java OpenJDK security vulnerabilities have been identified and fixed: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof...
Debian Security Advisory DSA 1849-1 (xml-security-c)
The remote host is missing an update to xml-security-c announced via advisory DSA 1849-1.
Ubuntu USN-814-1 (openjdk-6)
The remote host is missing an update to openjdk-6 announced via advisory USN-814-1.
FreeBSD Ports: mono
The remote host is missing an update to the system as announced in the referenced advisory.
Debian: Security Advisory (DSA-1849-1)
The remote host is missing an update for the Debian...
USN-814-1: OpenJDK vulnerabilities
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that JAR bundles would appear signed if only one element w...
[USN-814-1] openjdk-6 vulnerabilities
Ubuntu Security Notice USN-814-1 August 11, 2009 openjdk-6 vulnerabilities CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-267...