Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server (CVE-2015-7575, CVE-2016-0475, CVE-2015-4872, CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java Runtime updates in October 2015 and January 2016 and include the...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Control Center (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Control Center. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM XIV Gen3 systems and IBM XIV Management Tools (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM XIV Gen3 systems and IBM XIV Management Tools. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...

Debian Security Advisory DSA 3500-1 (openssl - security update)

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack whic...

[SECURITY] [DSA 3500-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3500-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini March 01, 2016 https://www.debian.org/security/faq -...

DSA-3500-1 openssl - security update

Bulletin has no description...

[SECURITY] [DSA 3457-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3457-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2016 https://www.debian.org/security/faq -...

DSA-3457-1 iceweasel - security update

Bulletin has no description...

Debian Security Advisory DSA 3457-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3457.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3457-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2016 Greenbone Networks Gm...

Debian: Security Advisory (DSA-3457-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mbedtls: man-in-the-middle

mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...

mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL...