169 matches found
openSUSE Security Update : mozilla-nss (openSUSE-SU-2013:1539-1)
Mozilla NSS was updated to 3.15.2 bnc842979 - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add PK11CipherFinal macro - sizeof used incorrectly - nssutilReadSecmodDB leaks memory - Allow...
IPMI MD2 Auth Type Support Enabled (IPMI Protocol)
The remote Intelligent Platform Management Interface IPMI service has MD2 auth type support enabled. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)
"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...
Oracle Linux 3 / 4 : openssl (ELSA-2010-0163)
From Red Hat Security Advisory 2010:0163 : Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...
Oracle Linux 5 : openssl (ELSA-2010-0054)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0054 advisory. - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables 510197 Tenable has extracted the preceding description block directly from the Oracle Linux...
CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...
Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)
USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS e.g. Firefox to have an executable stack. This reduced the effectiveness of some defensive security protections. This update...
RHEL 4 : nspr and nss (RHSA-2009:1190)
Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform...
RHEL 5 : nspr and nss (RHSA-2009:1207)
Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform independence for...
Scientific Linux Security Update : openssl on SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests DoS It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem 6862968 CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities 6863503 CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...
Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow The packages with this update are identical to the packages released on the 20th of July 2009. They are being reissued as a...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine...
Scientific Linux Security Update : openssl on SL3.x, SL4.x i386/x86_64
A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session for example, an HTTPS connection to a website. This could force the...
Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64
CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0731 gnutls: gnutlsx509crtgetserial incorrect serial decoding from ASN1 BE64 GNUTLS-SA-2010-1 A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handled session renegotiation. A...
OpenSSL < 0.9.8l Multiple Vulnerabilities
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8l. As such, it may be affected by multiple vulnerabilities : - A remote attacker could crash the server by sending malformed ASN.1 data. This flaw only affects some architectures, Win64 and other...
CentOS Update for gnutls CESA-2010:0166 centos5 i386
Check for the Version of gnutls OpenVAS Vulnerability Test CentOS Update for gnutls CESA-2010:0166 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
CentOS Update for openssl CESA-2010:0054 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for gnutls CESA-2010:0166 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for seamonkey CESA-2009:1432 centos3 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...