[SECURITY] Fedora 42 Update: socat-1.8.0.3-1.fc42

Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 - raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin etc., th...

org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection...

org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection...

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

USN-6513-2 python3.8, python3.10, python3.11 vulnerability

USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into...

Qt 5.12.2 through 5.14.2 as used in unofficial builds of Mumble 1.3.0 and other products mishandles OpenSSL's error queue which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected regardless of the Qt version.)

...

openSUSE Security Update : nodejs (openSUSE-2016-715)

This update for nodejs to version 4.4.5 fixes the several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h : - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed...

Debian DSA-2706-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2855 The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors. - CVE-2013-2856...

[SECURITY] [DSA 2706-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2706-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 10, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2706-1 (chromium-browser - several vulnerabilities)

Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2855 The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors. CVE-2013-2856...

DSA-2706-1 chromium-browser - several

Bulletin has no description...

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...