137 matches found
Linux RNG Flaws
Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...
openSUSE Security Update : openssl-steam (openSUSE-2018-168)
This update for openssl-steam fixes the following issues : - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 - CVE-2016-7056: ECSDA P-256 timing attack ke...
libgcrypt security update
1.5.3-13.1 - fix CVE-2016-6313 - predictable PRNG output 1366105 1.5.3-13 - touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key p q swap...
SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behavior CVE-2016-2177 bsc982575 - Constant time flag not...
openSUSE: Security Advisory for openssl (openSUSE-SU-2016:2407-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for openssl (important)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...
openSUSE Security Update : openssl (openSUSE-2016-1130)
This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 - Constant time flag n...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...
Security update for openssl (important)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...
SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...
Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)
Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...
[SECURITY] [DLA 407-1] prosody security update
Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attackers domain as a suffix. For example, bber.example would be able to connect to jabber.example an...
OracleVM 3.3 : bind (OVMSA-2014-0084)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...
DEBIAN-CVE-2013-4442
Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...
Design/Logic Flaw
Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...
CVE-2013-4442
Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...
CVE-2013-4442
Pwgen (Password Generator) prior to version 2.07 was vulnerable because it used weak pseudo-random numbers when /dev/urandom was unavailable, allowing context-dependent attackers to potentially guess generated passwords. Public advisories and OSV/NVD records describe fixes in pwgen-2.07 and later...
python security, bug fix, and enhancement update
2.6.6-51 - Fixed memory leak in ssl.getpeeraltnames Resolves: rhbz1002983 2.6.6-50 - Added fix for CVE-2013-4238 Resolves: rhbz998784 2.6.6-49 - Fix shebangs in several files in python-tools subpackage Resolves: rhbz521898 2.6.6-48 - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves:...
CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed
Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su...
CVE-2011-3263
zabbixagentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service CPU consumption by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device...