Ubuntu: Security Advisory (USN-4376-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4376-1 openssl vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

USN-4376-1: OpenSSL vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...

Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager

Summary OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

Design/Logic Flaw

Memory failure in SKB if it fails to to add the requested padding to the skb in low memory targets or targets with major memory fragmentation in Snapdragon Auto, Snapdragon Mobile in Saipan, SM8150, SM8250, SXR2130...

CVE-2019-14122

CVE-2019-14122 describes a memory failure in the SKB path when padding is not added correctly for low-memory or highly fragmented targets on Qualcomm Snapdragon Auto and Snapdragon Mobile (Saipan, SM8150, SM8250, SXR2130). The issue affects Qualcomm components with a High severity rating (per Qua...

CVE-2019-14122

Memory failure in SKB if it fails to to add the requested padding to the skb in low memory targets or targets with major memory fragmentation in Snapdragon Auto, Snapdragon Mobile in Saipan, SM8150, SM8250, SXR2130...

MGASA-2020-0165 Updated tor packages fix security vulnerabilities

Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service CPU consumption CVE-2020-10592. Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service memory leak. This occurs in circpadsetupmachineoncirc because a...

Information Disclosure

openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plain text or, in some cases,...

OPENSUSE-SU-2020:0428-1 Security update for tor

This update for tor to version 0.3.5.10 fixes the following issues: - tor was updated to version 0.3.5.10: - CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns boo1167013 - CVE-2020-10593: Fixed a circuit padding memory leak boo1167014 This update was imported from the...

Security update for tor (moderate)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2020:0428-1 Rating: moderate References: 1167013 1167014 Cross-References: CVE-2020-10592 CVE-2020-10593 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

openSUSE Security Update : tor (openSUSE-2020-406)

This update for tor to version 0.3.5.10 fixes the following issues : - tor was updated to version 0.3.5.10 : - CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns boo1167013 - CVE-2020-10593: Fixed a circuit padding memory leak boo1167014 C Tenable Network Security, Inc...

openSUSE: Security Advisory for tor (openSUSE-SU-2020:0406-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for tor (moderate)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2020:0406-1 Rating: moderate References: 1167013 1167014 Cross-References: CVE-2020-10592 CVE-2020-10593 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: Thi...

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions,...