[SECURITY] Fedora 25 Update: jasper-1.900.13-2.fc25

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

TLS 1.3 at 33c3

Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. Here's the Fahrplan entry. We spoke about the flow of TLS 1.2 vs. TLS 1.3, how it manages to save a round trip, resumption and 0-RTT, forward secrecy and replays, all the things that were removed, all...

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 LTS Description Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information kernel memory. CVE-2015-8964 It was...

CVE-2016-2217

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-791)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-3241 This...

Ubuntu: Security Advisory (USN-3179-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3771-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Critical: java-1.8.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

USN-3179-1: OpenJDK 8 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Amazon Linux AMI : kernel (ALAS-2017-786)

The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a /dev/sg device,...

OpenJDK: DSA implementation timing attack (Libraries, 8168728)

A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...

Medium: kernel

Issue Overview: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...

SA139 : November 2016 NTP Security Vulnerabilities

SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the targets system time, prevent the target from synchronizing its time, cause denial of service through...

Ubuntu: Security Advisory (USN-3170-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3168-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3168-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3169-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3169-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local...

CVE-2016-10088

It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNELDS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service...

USN-3167-2: Linux kernel (OMAP4) vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel memory. CVE-2016-9756 Baozeng Ding discovered a race condition that could lead to...

CVE-2016-6580

CVE-2016-6580 affects HTTP/2 implementations built with the Python priority library older than 1.2.0. The vulnerability arises when a peer can assign priority information for every HTTP/2 stream ID, allowing the priority data structure to grow without bound, consuming memory and driving extremely...