85 matches found
SUSE-SU-2015:2171-1 Security update for gpg2
The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring bsc918089. - CVE-2015-1607: Fixed memcpy with overlapping ranges bsc918090. - bsc955753: Fixed a regression of 'gpg --recv' due to keyserver impor...
SUSE-SU-2015:2171-2 Security update for gpg2
The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring bsc918089. - CVE-2015-1607: Fixed memcpy with overlapping ranges bsc918090. - bsc955753: Fixed a regression of 'gpg --recv' due to keyserver impor...
Ubuntu 14.04 LTS : HPLIP vulnerability (USN-2699-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2699-1 advisory. Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key...
USN-2699-1 hplip vulnerability
Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a machine-in-the-middle attack on printer plugin installations...
[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
------------------------------------------------------------------------- Debian Security Advisory DSA-3281-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 7, 2015 http://www.debian.org/security/faq -...
CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
USN-2554-1 gnupg, gnupg2 vulnerabilities
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. CVE-2014-3591 Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was...
TorBirdy - Torbutton for Thunderbird
TorBirdy is Torbutton for Thunderbird, Icedove and related Mozilla mail clients. It may also work with other non-web browser Mozilla programs such as Sunbird. This extension configures Thunderbird to make connections over the Tor anonymity network. Notable changes in this release include: 0.1.3, ...
[SECURITY] [DLA 53-1] gnupg security update
Package : gnupg Version : 1.4.10-4+squeeze6 CVE ID : CVE-2014-5270 Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys CVE-2014-5270. In addition, this update hardens GnuPGs behaviour when treating keyserver responses; GnuPG now filters keyserver responses to...
DLA-54-1 gnupg - security-update
Bulletin has no description...
[SECURITY] [DSA 3024-1] gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3024-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 11, 2014 http://www.debian.org/security/faq -...
DSA-3024-1 gnupg - security update
Bulletin has no description...
[SECURITY] Fedora 20 Update: sks-1.1.5-2.fc20
SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization...
[SECURITY] Fedora 19 Update: sks-1.1.5-2.fc19
SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization...
Network Associates PGP KeyServer 7 LDAP Buffer Overflow
No description provided by source. $Id: pgpkeyserver7.rb 11039 2010-11-14 19:03:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Fedora 20 : gnupg-1.4.17-1.fc20 (2014-7676)
New upstream v1.4.17 - Avoid DoS due to garbled compressed data packets. - Screen keyserver reponses to avoid import of unwanted keys by rogue servers. - Add hash algorithms to the 'sig' records of the colon output. - More specific reason codes for INVRECP status. - Drop gpg.ru.1 Note that Tenabl...
CVE-2014-3207
Cross-site scripting XSS vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...
DEBIAN-CVE-2014-3207
Cross-site scripting XSS vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...
CVE-2014-3207
Cross-site scripting XSS vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...
CVE-2014-3207
Cross-site scripting XSS vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...