BSA-2017-326

Security Advisory ID : BSA-2017-326 Component : Linux Kernel Revision : 2.0: Interim It was found that thepacketsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to...

BSA-2017-270

Security Advisory ID : BSA-2017-270 Component : OpenSSH Revision : 2.0: Interim Theverifyhostkeyfunction insshconnect.cin the client inOpenSSH6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptableHostCertificate. Affected Products...

BSA-2017-271

Security Advisory ID : BSA-2017-271 Component : MD5 Algorithm Revision : 1.0: Interim The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature...

BSA-2017-253

Security Advisory ID : BSA-2017-253 Component : OpenSSH Revision : 2.0: Interim sshdinOpenSSHbefore 6.6 does not properly support wildcards onAcceptEnvlines insshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard...

BSA-2017-258

Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointerleading to a client crash. This could be exploited in a...

BSA-2017-264

Security Advisory ID : BSA-2017-264 Component : OpenSSL Revision : 1.0: Interim During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent onciphersuite. Both clients and...

BSA-2017-226

Security Advisory ID : BSA-2017-226 Component : ntp Revision : 1.0: Interim The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability inntpd'sbroadcast mode poll...

BSA-2017-201

Security Advisory ID : BSA-2017-201 Component : OpenSSL Revision : 1.0: Interim It was found that function "ssl3readbytes" inssl/s3pkt.c might lead to higher CPU usage due to improper handling of warning packets.An attacker could repeat the undefined plaintext warning packets of "SSL3ALWARNING"...

BSA-2017-218

Security Advisory ID : BSA-2017-218 Component : ntp Revision : 1.0: Interim tpddoes not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crashntpd, resulting in a denial of...

BSA-2017-216

Security Advisory ID : BSA-2017-216 Component : libcurl Revision : 1.0: Interim curl andlibcurlbefore 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loade...

BSA-2017-227

Security Advisory ID : BSA-2017-227 Component : ntp Revision : 1.0: Interim Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was...

BSA-2017-223

Security Advisory ID : BSA-2017-223 Component : ntp Revision : 1.0: Interim Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. Affected Products Product...