FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)

Matthias Andree reports : Fetchmail version 6.3.9 enabled 'all SSL workarounds' SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

UBUNTU-CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

CVE-2012-2146

CVE-2012-2146 affects Elixir up to at least 0.8.0, where Blowfish in CFB mode is used without a unique initialization vector (IV). This weak IV construction can enable context-dependent users to obtain sensitive information and potentially decrypt the database. The connected documents confirm the...

CVE-2012-2146

Removed by vendor...

py39-Elixir -- weak use of cryptography

Red Hat Security Response Team reports: Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

libvirt security and bug fix update

libvirt-0.9.10-21.0.1.el63.4 - Replace docs/et.png in tarball with blank image libvirt-0.9.10-21.el63.4 - daemon: Fix crash in virTypedParameterArrayClear rhbz844735 - remote: Fix locking in stream APIs rhbz847946 - Using virOnce for global initialization is desirable rhbz847959 - json: Fix...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These new kernel packages contain fixes for the following security issues : - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers CVE-2007-2242, Important. - a flaw in the nfnetlinklog...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This update fixes the following security issues : - A heap overflow flaw was found in the Linux kernel's Transparent Inter-Process Communication protocol TIPC implementation. A local, unprivileged user could use this flaw to escalate their privileges. CVE-2010-3859, Important - Missing sanity...

Scientific Linux Security Update : conga on SL5.x i386/x86_64

A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service CVE-2007-4136. Fixes in this updated package include : - The nodename is now set for manual fencing. - The node log ...

Scientific Linux Security Update : aide on SL5.x i386/x86_64

A flaw was discovered in the way file checksums were stored in the AIDE database. A packaging flaw in the Red Hat AIDE rpm resulted in the file database not containing any file checksum information. This could prevent AIDE from detecting certain file modifications. CVE-2007-3849 This update also...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This update fixes the following security issues : - A buffer overflow flaw was found in the loadmixervolumes function in the Linux kernel's Open Sound System OSS sound driver. On 64-bit PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service or escalate their...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

CVE-2005-4881 kernel: netlink: fix numerous padding memleaks CVE-2009-3228 kernel: tc: uninitialised kernel memory leak This update fixes the following security issues : - multiple, missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was no...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

These updated packages fix the following security issue : - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition SIT INET6 implementation. This could allow a local unprivileged user to cause a denial of service. CVE-2008-2136, Important As well, these updated...

CentOS Update for ghostscript CESA-2012:0095 centos5

Check for the Version of ghostscript OpenVAS Vulnerability Test CentOS Update for ghostscript CESA-2012:0095 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

Race condition

The insertmodule function in runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...

CVE-2011-2503

CVE-2011-2503 affects SystemTap's runtime staprun on Linux, where the insert_module path allows a local user to escalate privileges due to a race between signature validation and module initialization in versions before 1.6. The vulnerability arises from improper module validation during loading,...