K14190: TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

Security Advisory Description A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. CVE-2013-0169 Note : Stream ciphers, such as RC4, are not vulnerable to this issue. Impact The vulnerability m...

nss security and bug fix update

3.28.4-3.0.1 - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed 3.28.4-3 - Fix zero-length record treatment for stream ciphers and SSLv2 3.28.4-2 - Include CKBI 2.14 and updated CA constraints from NSS 3.28.5...

RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...

BREACH vulnerability in compressed HTTPS

Overview By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description Angelo Prado of Salesforce.com reports:Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...