|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
Posted by Benjamin D. Thomas
|
|
Multiple flaws were discovered in the connection handling of GnuTLS.
A remote attacker could exploit this to crash applications linked
against GnuTLS, or possibly execute arbitrary code with permissions of
the application's user.
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.
Original advisory details:
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS and multi-client/server which caused OpenVPN to not start
when using valid SSL certificates.
|
|
|
Posted by Benjamin D. Thomas
|
|
Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys
with options (such as "no-port-forwarding" or forced commands) were
ignored by the new ssh-vulnkey tool introduced in OpenSSH (see
USN-612-2). This could cause some compromised keys not to be
listed in ssh-vulnkey's output.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates. |
|
|
<< Start < Prev 157 158 159 Next > End >>
|
| Results 1093 - 1099 of 1403 |
