CVSSv3: 4.7

CVE-2018-0495

Published: 13/06/2018 Updated: 07/11/2023
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 170
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerability Trend


gnupg libgcrypt

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat ansible tower 3.3

oracle traffic director 11.1.1.9.0

Vendor Advisories

Synopsis Moderate: nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a secu ...
Synopsis Important: nss-softokn security update Type/Severity Security Advisory: Important Topic An update for nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis Important: nss-softokn security update Type/Severity Security Advisory: Important Topic An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services f ...
Synopsis Important: nss-softokn security update Type/Severity Security Advisory: Important Topic An update for nss-softokn is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 zip release for RHEL 6 and RHEL 7 is available. Red Hat Product Security has rated this release a ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...
Synopsis Moderate: openssl security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
Several security issues were fixed in NSS ...
Libgcrypt could be made to expose sensitive information ...
Several security issues were fixed in OpenSSL ...
A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integ ...
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a d ...
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs acces ...
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41 (CVE-2018-12404). Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-cha ...
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime, resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack ( ...
An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged a ...