Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.
e388acc86dcf59e73c62e313ac038fabb06265810beaf16fd3db321a90afdfb4Red Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.
a7af4bd1f8c09fdc97fe5d258dbe002aa51401e2d6557029d5dfcf6178099e7aUbuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
87a10d1a6596140376bd51b697cd26f1c93ce8377ca267a8940ec919fe60e175Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59Red Hat Security Advisory 2017-1364-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
0bd9c0cb15c7d46b2c6a83f4bb82b1446e11e276f590b32967c7dddc33e3093fRed Hat Security Advisory 2017-1365-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
94ede444f9d41f60514e1540d3ddedfff1ad01f42727f9ba0efa58ae36d94cbb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed