170 matches found
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Datapower Gateways (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Datapower Gateways. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...
Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect WebSphere Lombardi Edition and IBM Business Process Manager (CVE-2015-4000)
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server Full Profile and IBM WebSphere Application Server Liberty Profile that are shipped as a component of WebSphere Lombardi Edition and IBM Business Process Manager. Th...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Operational Decision Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Operational Decision Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere MQ Telemetry (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere MQ Telemetry MQXR service. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
SUSE SLES11 Security Update : mysql (SUSE-SU-2016:1618-1) (Logjam)
This update for mysql fixes the following issues : - bsc959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped : - Increase the key length to 2048 bits used in vio/viosslfactories.c f...
Export-Grade Crypto Patching Improves
LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...
Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2617 advisory. - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - rac...
openssl security update
1.0.1e-51.1 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint 1.0.1e-51 - fix the CVE-2015-1791 fix broken server side renegotiation 1.0.1e-50 - improved fi...
openSUSE Security Update : haproxy (openSUSE-2015-682)
haproxy was updated to fix two security issues. These security issues were fixed : - CVE-2015-3281: The bufferslowrealign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information uninitialized memo...
openSUSE: Security Advisory for haproxy (openSUSE-SU-2015:1831-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for haproxy (important)
haproxy was updated to fix two security issues. These security issues were fixed: - CVE-2015-3281: The bufferslowrealign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information uninitialized memor...
SUSE: Security Advisory for MySQL (SUSE-SU-2015:1177-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory for MySQL (SUSE-SU-2015:1177-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2015-1072)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerability in Diffie-Hellman ciphers affects sendmail on AIX,Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
IBM SECURITY ADVISORY First Issued: Fri Aug 7 15:15:59 CDT 2015 |Updated: Tue Aug 18 09:19:51 CDT 2015 |Update: Added AIX 5.3 vulnerability information The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/sendmailadvisory2.asc...
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Fri Jul 31 13:04:25 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc https://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc...
SUSE-SU-2015:1482-1 Recommended update for openldap2
openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org bsc937766. This non-security issue was fixed: - bsc932773: ldapmodify failed with DOS format LDIF files containing '-' separator...
SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)
This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL bnc934789 - CVE-2015-3152: mysql --ssl does not enforce SSL bnc924663 - CVE-2014-8964: heap buffer overflow bnc906574 - CVE-2015-2325: heap buffer overflow in compilebranch bnc924960 -...
SUSE-SU-2015:1273-1 Security update for mariadb
This update fixes the following security issues: Logjam attack: mysql uses 512 bit dh groups in SSL bnc934789 CVE-2015-3152: mysql --ssl does not enforce SSL bnc924663 CVE-2014-8964: heap buffer overflow bnc906574 CVE-2015-2325: heap buffer overflow in compilebranch bnc924960 CVE-2015-2326: heap...
SUSE SLES11 Security Update : MySQL (SUSE-SU-2015:1177-2) (Logjam)
This update fixes the following security issue : Logjam Attack: mysql uses 512 bit dh groups in SSL bnc934789 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as mu...