OPENSUSE-SU-2020:1970-1 Security update for tor

This update for tor fixes the following issues: Updating tor to a newer version in the respective codestream. - tor 0.3.5.12: Check channels+circuits on relays more thoroughly TROVE-2020-005, boo1178741 Not affected by out-of-bound memory access CVE-2020-15572, boo1173979 Fix DoS defenses on...

EulerOS 2.0 SP2 : nettle (EulerOS-SA-2020-2371)

According to the version of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2206)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)

According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...

CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

DEBIAN-CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

ALPINE-CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559)

Summary The OpenSSH and OpenSSL packages are shipped with IBM Security Access Manager Appliances. These vulnerabilities have been fixed. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : nettle (EulerOS-SA-2020-2069)

According to the version of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5...

Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

...

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4504-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4504-1 advisory. Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie- Hellman ciphersuites in the TLS...

DRUPAL-CORE-2020-007

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting...

USN-4504-1: OpenSSL vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

USN-4504-1 openssl, openssl1.0 vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...