11 matches found
libssh: Incorrect Return Code Handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005085)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005085 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989804)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989804 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that...
CLSA-2025-1759857168 libssh: Fix of CVE-2025-5372
CVE-2025-5372: uninitialized key buffers caused by inconsistent sshkdf return value...
CLSA-2025-1759330475 libssh: Fix of CVE-2025-5372
CVE-2025-5372: uninitialized key buffers caused by inconsistent sshkdf return value...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher – The key buffer is zeroed after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroed once they are no longer needed. This is achieved by using...
SUSE CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
AZL-47204 CVE-2024-42229 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
DEBIAN-CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
AZL-47100 CVE-2024-42229 affecting package kernel for versions less than 5.15.164.1-1
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
UBUNTU-CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...