5 matches found
AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
USN-6450-1 openssl vulnerabilities
Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. CVE-2023-5363 Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV...
Missing Cryptographic Step
Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...
Linksys BEFVP41 VPN Server does not follow proper VPN standards
Dear all, A month ago, we discovered a bug in the VPN Server module of the Linksys EtherFast BEFVP41 Cable/DSL VPN Router. Here's the detailed email we sent to Linksys Tech Support: Begin Email Dear Support @ Linksys, We recently heard about your BEFVP41 and thought we'd try it out as we liked th...