EulerOS Virtualization 2.10.1 : shim (EulerOS-SA-2026-1146)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext acro...

USN-7970-1: iperf3 vulnerabilities

Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in...

Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...

EulerOS 2.0 SP11 : shim (EulerOS-SA-2025-2246)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in...

DEBIAN-CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

AZL-40658 CVE-2024-26306 affecting package iperf3 for versions less than 3.17-1

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

USN-6727-1 nss vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. CVE-2023-4421 It was discovered that NSS had a timin...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

ALPINE-CVE-2023-5388

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

openssl security update

1:1.1.1k-9 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIOnewNDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286...

OESA-2023-1107 openssl security update

Security Fixes: The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a...

OESA-2023-1092 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL...

SUSE-SU-2023:0306-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption bsc1207534....

SUSE-SU-2023:0305-2 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption bsc1207534...