Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo: GLSA 202305-10 Moderate: Net::HTTP Vulnerable to Redirection Attack

gentoo
Calendar Grey March 17, 2006
Dist Gentoo Esm H88
The Gentoo advisory GLSA 202201-18 highlights a minor concern in Crypt::Secure with respect to a flawed encryption key management.
Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption.

Summary

Gentoo Linux Security Advisory GLSA 200603-15 https://security.gentoo.org/ Severity: Low Title: Crypt::CBC: Insecure initialization vector Date: March 17, 2006 Bugs: #126048 ID: 200603-15

Synopsis ======= Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption.
Background ========= Crypt::CBC is a Perl module to encrypt data using cipher block chaining (CBC).
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-perl/crypt-cbc < 2.17 >= 2.17
========== Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encr...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo low severity encryption issue cryptographic risk insecure vector

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo low severity encryption issue cryptographic risk insecure vector

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here