Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3742-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3741-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3741-2 advisory. USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3741-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3741-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3740-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3740-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

FreeBSD : wpa_supplicant -- unauthenticated encrypted EAPOL-Key data (6bedc863-9fbe-11e8-945f-206a8a720317)

SO-AND-SO reports : A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3740-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3740-2 advisory. USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

USN-3742-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

USN-3742-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...

USN-3741-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...

[SECURITY] Fedora 27 Update: php-zendframework-zend-diactoros-1.8.4-1.fc27

A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://zendframework.github.io/zend-diactoros/ Autoloader: /usr/share/php/Zend/Diactoros/autoload.php 1...

oxenstored does not apply quota-maxentity

ISSUE DESCRIPTION The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual: http://caml.inria.fr/pub/docs/manual-ocaml/expr.html the order of evaluation of...

CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

Linux kernel IP fragment re-assembly vulnerable to denial of service

Overview The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' - CVE-2018-5391The Linux kernel, versions 3.9+, is vulnerable to a...

[SECURITY] Fedora 28 Update: libgit2-0.26.6-1.fc28

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Security Bulletin: OpenSSL vulnerability in current release of the IBM® SDK for Node.js™

Summary OpenSSL ECDSA FLUSH+RELOAD cache side-channel attack Vulnerability Details CVE ID: CVE-2014-0076 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA Elliptic Curve Digital Signature Algorithm. An attacker could...

Security Bulletin: Vulnerability in OpenSSL affects IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-1793)

Summary OpenSSL alternate chains certificate forgery vulnerability CVE-2015-1793 disclosed by the OpenSSL Project on July 9 2015. IBM SDK for Node.js in IBM Bluemix has addressed this CVE. Vulnerability Details CVEID: CVE-2015-1793 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...

Security Bulletin: Vulnerability in OpenSSL affects IBM® SDK for Node.js™ (CVE-2015-1793)

Summary OpenSSL alternate chains certificate forgery vulnerability CVE-2015-1793 disclosed by the OpenSSL Project on July 9 2015. IBM SDK for Node.js has addressed this CVE. Vulnerability Details CVEID: CVE-2015-1793 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3732-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3732-2 advisory. USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE...

USN-3732-2: Linux kernel (HWE) vulnerability

USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed...