Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989398)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989398 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC dat...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989143 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Siemens SIMATIC Devices Missing Release of Memory after Effective Lifetime (CVE-2024-39489)

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6hmacinitalgo seg6hmacinitalgo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6hmacexit to only free the memory...

Updated libtpms package fixes security vulnerability

It was discovered that libtpms had a potential out-of-bound access & abort due to HMAC signing issue CVE-2025-49133...

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21640)

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookiehmacalg: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

OpenVPN -- HMAC verification on source IP address ineffective

Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...

EUVD-2025-35895

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

CVE-2025-34500

CVE-2025-34500 affects Deck Mate 2. The firmware update mechanism accepts unsigned packages, uses a single hard-coded AES key for encryption, and applies a truncated HMAC for integrity, enabling an attacker with USB/update-interface access to craft/modify firmware to execute arbitrary code as roo...

CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-2297)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-43687

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The firmware update mechanism for Deck Mate 2 does not verify cryptographic signatures on update packages. Updates are encrypted using a single, hard-coded AES key shared across all devic...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-2265)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2025:3729-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current...

Security update for krb5

This update for krb5 fixes the following issues: CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographi...

Security update for krb5

This update for krb5 fixes the following issues: CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographi...

SUSE-SU-2025:3698-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current...

Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

CVE-2025-2884 is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. CERT/CC created this CVE on their behalf. The documente...

EulerOS 2.0 SP11 : krb5 (EulerOS-SA-2025-2199)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5...