Synopsis
Moderate: gnutls security update
Type/Severity
Security Advisory: Moderate
Topic
Updated gnutls packages that fix one security issue are now available forRed Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact A Common Vulnerability Scoring ...
Synopsis
Moderate: nss security update
Type/Severity
Security Advisory: Moderate
Topic
Updated nss packages that fix one security issue are now available for RedHat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact A Common Vulnerability Scoring Syste ...
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Topic
Updated openssl packages that fix one security issue are now available forRed Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact A Common Vulnerability Scori ...
Several security issues were fixed in OpenJDK 7 ...
OpenSSL could be made to expose sensitive information over the network ...
Several security issues were fixed in Thunderbird ...
Firefox could be made to expose sensitive information over the network ...
GnuTLS could be made to expose sensitive information over the network ...
NSS could be made to expose sensitive information over the network ...
Mozilla Foundation Security Advisory 2015-150
MD5 signatures accepted within TLS 12 ServerKeyExchange in server signature
Announced
December 22, 2015
Reporter
Karthikeyan Bhargavan
Impact
Moderate
Products
Firefox, Firefox E ...
A flaw was found in the way TLS 12 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS clie ...
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosure, denial of service and insecure
cryptography
For the oldstable distribution (wheezy), these problems have been fixed
in version 6b38-11310-1~deb7u1
We recommend that you upgra ...
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosur, denial of service and insecure
cryptography
For the oldstable distribution (wheezy), these problems have been fixed
in version 7u95-264-1~deb7u1
For the stable distribution (j ...
Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project
CVE-2015-4000
David Adrian et al reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Se ...
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service
For the oldstable distribution (wheezy), these problems have been fixed
in ...
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors and a
buffer overflow may lead to the execution of arbitrary code In addition
the bundled NSS crypto library addresses the SLOTH attack on TLS 12
For the oldstable distribution (wheezy), these problems have be ...
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 12 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
aut ...
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 12 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
aut ...
A flaw was found in the way TLS 12 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS clie ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483)
A flaw was found in the w ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483)
An integer signedness iss ...
A flaw was found in the way TLS 12 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS clie ...
A padding oracle flaw was found in the Secure Sockets Layer version 20 (SSLv2) protocol An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections This cross-protocol attack is publicly referred to as DROWN (CVE-2016-0800) Pri ...
SecurityCenter and the Tenable Appliance are potentially impacted by vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time
CVE-2015-3194 - crypto/rsa/rsa_amethc in Ope ...