Red Hat Security Advisory 2019-3935-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
38d04c60a0844680fb8dbf1f69783df06839251f87cb4f8f1f68b024aae0c58d
Red Hat Security Advisory 2019-3932-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
f949d1cc276a7bf012b0e797c6862801bf97e2c5aaac95a796e59d77b371fb59
Red Hat Security Advisory 2019-3933-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
dac80e1c3458729338d3267cf431efdab4daa1ca2b791a55f1f323f8a84c4bb4
Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is composed of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross-site scripting vulnerability.
80f28c1ed396da36a178c6f1d6c7eae27d31ab38180de9357eb6ac5e272131c5
Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is composed of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross-site scripting and denial of service vulnerabilities.
c2a35f03e9c5eeee86dc6f02e3e82b10b06198741a15251e69754785d5ba9c63
Red Hat Security Advisory 2019-2125-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include buffer overflow and denial of service vulnerabilities.
f1ce3bc23fa8f98e73cfdd22626f368309e65fc07adfe5505bc47b51a9c6d3df
Red Hat Security Advisory 2019-0651-01 - Ansible Tower version 3.4.3 has security updates that Red Hat did not feel like explaining in this advisory.
f3a989fc6b07f1220ca069b313f166cd30aa34a90781112c73dfa0b9d5f7739d
Red Hat Security Advisory 2019-0652-01 - Ansible Tower version 3.3.5 has security updates that Red Hat did not feel like explaining in this advisory.
2638cb5d98f9dd47e1a7385986d6b92adb44d0f3f85b6e4bc38cb0d57d8dd34c
Gentoo Linux Security Advisory 201903-10 - Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2r are affected.
77f749728ff0ba1057d2f4792d97c1278a4ef4a6d57fe67b15d03cfd253b0d2d
Red Hat Security Advisory 2019-0483-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a side-channel attack vulnerability.
a618a5310c8760e101ca251a93cfd97e0b0488342317a121ef2aa9edf705ceec
Debian Linux Security Advisory 4355-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
b913df49694577978d9065ec818547f4d3d6619f2cbbc393194fc7e2ac40992a
Ubuntu Security Notice 3840-1 - Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
aa103792855188068858eb462036ea647e15c0cef998d6eb2bb4336601fef0fb
Debian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
984666d462c32381f4c81ceeb80d94d68254862db64e2525c9fc37e73b61fd81
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
81278317094fe94be6df033760ad0daf14350b896b60f71ff53ddee0a0ea982f
OpenSSL Security Advisory 20181112 - OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
fcdef964e9fc6b0898239d73753f138103c16be565a54d5caebcaf7ed40d45a2
This is a proof of concept exploit of the PortSmash micro-architecture vulnerability that makes use of an SMT side-channel attack.
883afbc344f3891cddcec8777cf2e0d9c121b4315090fae51c38ec879915df0e