Ubuntu: Security Advisory (USN-859-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.: XMLDsig HMAC-based signatures spoofing and authentication bypass A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw t...

Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in...

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...