
9138 matches found

Tenable Nessus
added 2017/07/10 12:0 a.m., 28 views

Debian DSA-3904-1 : bind9 - security update

Clement Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. - CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server...

7.5 CVSS, 6.4 AI score, 0.18299 EPSS
Exploits 1, References 8

Fedora
added 2017/07/08 10:21 p.m., 43 views

[SECURITY] Fedora 25 Update: jetty-alpn-8.1.11-2.v20170118.fc25

A pure Java(TM) implementation of the Application Layer Protocol Negotiation TLS Extension...

7.5 CVSS, 2.9 AI score, 0.05795 EPSS
Exploits 0

Tenable Nessus
added 2017/07/05 12:0 a.m., 42 views

Debian DLA-1007-1 : icedove/thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. For Debian 7 'Wheezy', these problems have been fixed in version...

9.8 CVSS, 7.7 AI score, 0.05216 EPSS
Exploits 11, References 20

Schneier on Security
added 2017/07/03 11:1 a.m., 64 views

A Man-in-the-Middle Attack against a Password Reset System

This is nice work: "The Password Reset MitM Attack," by Nethanel Gelerntor, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration...

6.9 AI score
Exploits 0

myhack58
added 2017/07/02 12:0 a.m., 108 views

Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net

360 Vulpecker team Membership 360 Information Security Department, committed to the Android application and the system-layer vulnerability discovery as well as other Android security research. We passed on the CTS frame of the research, the preparation of a vulnerability detection aspect of the...

7.4 AI score
Exploits 0

OSV
added 2017/06/29 9:40 p.m., 7 views

MGASA-2017-0195 Updated golang packages fix security vulnerability

A carry propagation issue was found in the P-256 implementation for x86-64 in golang (CVE-2017-8932)...

5.9 CVSS, 5.9 AI score, 0.02225 EPSS
Exploits 0, References 3

Cloud Foundry
added 2017/06/22 12:0 a.m., 55 views

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

10 CVSS, 8.9 AI score, 0.1081 EPSS
Exploits 6

Into the symmetry
added 2017/06/21 2:52 p.m., 25 views

Historical courses and resorts in Elliptic Curves Cryptography - Is Curve25519 dead?

tl;dr This short blog post serves to me to recollect some of the things I have been learning climbing about Elliptic Curves Cryptography (ECC from now on) during the last months/years, so please take it with a grain of salt since it might contain some erroneous beliefs. '80 - Introduction...

7.4 AI score
Exploits 0

OSV
added 2017/06/19 3:28 p.m., 3 views

SUSE-SU-2017:1617-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and s...

7.4 CVSS, 7.5 AI score, 0.05186 EPSS
Exploits 3, References 4

Tenable Nessus
added 2017/06/15 12:0 a.m., 65 views

Debian DSA-3881-1 : firefox-esr - security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support...

9.8 CVSS, 7 AI score, 0.05216 EPSS
Exploits 11, References 20

Ubuntu
added 2017/06/07 4:45 a.m., 157 views

USN-3312-1: Linux kernel vulnerabilities

It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based...

10 CVSS, 7.3 AI score, 0.1081 EPSS
Exploits 6

Tenable Nessus
added 2017/06/07 12:0 a.m., 113 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3312-1 advisory. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the...

10 CVSS, 7.5 AI score, 0.1081 EPSS
Exploits 6, References 15

RedhatCVE
added 2017/06/06 7:57 a.m., 30 views

CVE-2017-5085

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...

6.1 CVSS, 3.6 AI score, 0.01064 EPSS
Exploits 0, References 2

n0where
added 2017/06/05 7:41 p.m., 114 views

Open Source LoRa CSS PHY Implementation: gr-lora

Open Source LoRa CSS PHY Implementation LoRa is a wireless LPWAN PHY that is developed and maintained by Semtech. It is designed to provide long range, low data rate connectivity to IoT-focused devices. A reasonable analogy is that LoRa is like cellular data service, but optimized for embedded...

1.2 AI score
Exploits 0, References 2

Akamai Blog
added 2017/06/05 5:12 p.m., 56 views

Passive HTTP2 Client Fingerprinting - White Paper

HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2,...

7.1 AI score
Exploits 0

exploitpack
added 2017/06/05 12:0 a.m., 14 views

Parallels Desktop - Virtual Machine Escape

Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...

0.1 AI score
Exploits 0

Virtuozzo
added 2017/06/02 12:0 a.m., 62 views

Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.3

The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3). Vulnerability id: CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows loc...

7.8 CVSS, 3.3 AI score, 0.01372 EPSS
Exploits 5, References 6

Veracode
added 2017/05/26 5:0 a.m., 26 views

Carry Propagation

crypto/elliptic in github.com/golang/go is vulnerable to carry propagation. This carry propagation bug affects the elliptic curve generation in the x86-64 P-256 crypto implementation...

5.9 CVSS, 7.4 AI score, 0.02225 EPSS
Exploits 0, References 11, Affected Software 2

Oracle linux
added 2017/05/26 12:0 a.m., 90 views

kernel security, bug fix, and enhancement update

3.10.0-514.21.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-514.21.1 - kernel sched/core: Fix an SMP ordering race in try_to_wake_up() vs...

9.3 CVSS, 7.4 AI score, 0.17827 EPSS
Exploits 18

RedHat Linux
added 2017/05/25 3:32 p.m., 116 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.3 CVSS, 6.6 AI score, 0.17827 EPSS
Exploits 18, References 8