Red Hat Security Advisory 2020-1461-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include an out of bounds write vulnerability.
6f849628c8283933e795cc7c5a43d9c1b76b0d0812a2ec3ca6dcc3f40b6d9960Red Hat Security Advisory 2020-1345-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include an out of bounds write vulnerability.
d852834b4835e74d1e0d4154ee53eff6902a40b19a727bd5211d084bed71c503Red Hat Security Advisory 2020-1267-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include an out of bounds write vulnerability.
5350bb35d8c7d7eea515109a95e3e2815a160686848a4873fc1a60b9513fb2bdRed Hat Security Advisory 2019-2237-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Side channel attack vulnerabilities were addressed.
90de1f53cc7fc5e813be6b57b156663c22702ec3a2ed230220c3066695398340Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.
1d3819c3a795696655f8712247c8df410655f69b1a073bb7b1b32d9271562472Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.
5ed148ee5c1aa1a8483ec13ffbf8a1df403d3b3e5e5aa321f31d0c7e9dc09b53Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.
33dfd212dff4b39a5b8a3ffb081d43f4f2201ce71c47312b15edcf37961cf627Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49Red Hat Security Advisory 2018-3221-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a denial of service vulnerability.
f834291e7efc55a6d4018d8ba12fd62c80f36b5a912355996aca5eab461c7cffUbuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.
64a55400d3928d560eed60fa189b3f16e104aacf734c115775b42e7ec6f162c5Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
c9a4413cce1293192cef94ae1323f4ac3f80a693b84d4dd16582f330058c726dUbuntu Security Notice 3689-2 - USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that Libgcrypt was susceptible to a side- channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Various other issues were also addressed.
e28a6878c39988d3f66523fc14a66afd0c58b05460c84d389240bcaf04b1f87dUbuntu Security Notice 3689-1 - Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.
88555ac1dd1d49a8d5c958883feb730a625259656c33ee350e93c19be692fc93Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
ef38fe69a1b2b013844637997c00e81a3fe74fc6d31ef0d68664ca8f80f25e78
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed