# Security update for liboqs, oqs-provider

Announcement ID: SUSE-SU-2025:0005-1
Release Date: 2025-01-02T08:01:46Z
Rating: important

References:

* bsc#1226162
* bsc#1226468
* bsc#1234292

Cross-References:

* CVE-2024-36405
* CVE-2024-37305
* CVE-2024-54137

CVSS scores:

* CVE-2024-36405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-37305 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-54137 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-54137 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for liboqs, oqs-provider fixes the following issues:

This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms.

This updates liboqs to 0.12.0:

* This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.
* This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).
* The addition of the ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at https://github.com/open-quantum-safe/liboqs/issues/2001.
* Security issues:
  * CVE-2024-54137: Fixed bug in HQC decapsulation that leads to an incorrect shared secret value during decapsulation when called with an invalid ciphertext. (bsc#1234292)
* new library major version 7

Updated to 0.11.0:

* This release updates ML-KEM implementations to their final FIPS 203 (https://csrc.nist.gov/pubs/fips/203/final) versions.
* This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release.
* Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 (https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes XMSS (https://datatracker.ietf.org/doc/html/rfc8391) and LMS (https://datatracker.ietf.org/doc/html/rfc8554).
* Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade (https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
* LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.
* Key encapsulation mechanisms:
  * Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
  * ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to the FIPS 203 version.
  * Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.
* Digital signature schemes:
  * LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
  * MAYO: Added portable C and AVX2 implementations of the MAYO signature scheme from NIST Additional Signatures Round 1.
  * CROSS: Added portable C and AVX2 implementations of the CROSS signature scheme from NIST Additional Signatures Round 1.
* Other changes:
  * Added callback API to use custom implementations of AES, SHA2, and SHA3.
  * Refactored SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.
* new library major version 6

Updated to 0.10.1:

* This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber. (bsc#1226162 CVE-2024-36405) It also includes a fix for incorrectly named macros in the ML-DSA implementation.

Updated to 0.10.0:

* Key encapsulation mechanisms:
  * BIKE: Updated portable C implementation to include constant-time fixes from upstream.
  * HQC: Updated to NIST Round 4 version.
  * ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
* Digital signature schemes:
  * Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
  * ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
* Other changes:
  * Improved thread safety.
  * Removed support for the "NIST-KAT" DRBG.
  * Added extended KAT test programs.
* library major version changed from 4 to 5

This update also updates oqs-provider to 0.7.0:

* Adds support for MAYO from Round 1 of NIST's Post-Quantum Signature On-Ramp process.
* Adds support for CROSS from Round 1 of NIST's Post-Quantum Signature On-Ramp process.
* Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.
* Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02.

Updated to 0.6.1:

* CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid keys and signatures (bsc#1226468)

Updated to 0.6.0:

* First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
* Support for Composite PQ operations
* Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
* Implementation of security code review recommendations
* Support for more hybrid operations as fully documented here.
* Support for extraction of classical and hybrid key material

Updated to 0.5.3:

* only tracking parallel liboqs security update

Updated to 0.5.2:

* Algorithm updates as documented in the liboqs 0.9.0 release notes
* Standard coding style
* Enhanced memory leak protection
* Added community cooperation documentation
* (optional) KEM algorithm en-/decoder feature

Updated to 0.5.1:

* Documentation update
* document specs
* General documentation overhaul
* change TLS demo to use QSC alg
* Build a module instead of a shared library.
* explain groups in USAGE

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-5=1 openSUSE-SLE-15.6-2025-5=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-5=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * oqs-provider-debuginfo-0.7.0-150600.3.3.1
  * liboqs7-debuginfo-0.12.0-150600.3.3.1
  * oqs-provider-0.7.0-150600.3.3.1
  * liboqs7-0.12.0-150600.3.3.1
  * liboqs-devel-0.12.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
  * liboqs7-32bit-0.12.0-150600.3.3.1
  * liboqs7-32bit-debuginfo-0.12.0-150600.3.3.1
  * liboqs-devel-32bit-0.12.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * liboqs7-64bit-0.12.0-150600.3.3.1
  * liboqs-devel-64bit-0.12.0-150600.3.3.1
  * liboqs7-64bit-debuginfo-0.12.0-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * oqs-provider-debuginfo-0.7.0-150600.3.3.1
  * liboqs7-debuginfo-0.12.0-150600.3.3.1
  * oqs-provider-0.7.0-150600.3.3.1
  * liboqs7-0.12.0-150600.3.3.1
  * liboqs-devel-0.12.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36405.html
* https://www.suse.com/security/cve/CVE-2024-37305.html
* https://www.suse.com/security/cve/CVE-2024-54137.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226162
* https://bugzilla.suse.com/show_bug.cgi?id=1226468
* https://bugzilla.suse.com/show_bug.cgi?id=1234292
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-7d95466eda
2016-01-04 16:02:44.028206
--------------------------------------------------------------------------------

Name        : bouncycastle
Product     : Fedora 22
Version     : 1.50
Release     : 8.fc22
URL         : https://www.bouncycastle.org/
Summary     : Bouncy Castle Crypto Package for Java
Description :
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-7940
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1276272 - CVE-2015-7940 bouncycastle: Invalid curve attack allowing to extract private keys
        https://bugzilla.redhat.com/show_bug.cgi?id=1276272
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bouncycastle'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gnutls security update
Advisory ID:       RHSA-2014:0246-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0246.html
Issue date:        2014-03-03
CVE Names:         CVE-2014-0092
====================================================================

1. Summary:

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-utils-2.8.5-13.el6_5.i686.rpm

x86_64:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-2.8.5-13.el6_5.x86_64.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-utils-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.x86_64.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-2.8.5-13.el6_5.x86_64.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-utils-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.x86_64.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-utils-2.8.5-13.el6_5.i686.rpm

ppc64:
gnutls-2.8.5-13.el6_5.ppc.rpm
gnutls-2.8.5-13.el6_5.ppc64.rpm
gnutls-debuginfo-2.8.5-13.el6_5.ppc.rpm
gnutls-debuginfo-2.8.5-13.el6_5.ppc64.rpm
gnutls-devel-2.8.5-13.el6_5.ppc.rpm
gnutls-devel-2.8.5-13.el6_5.ppc64.rpm
gnutls-utils-2.8.5-13.el6_5.ppc64.rpm

s390x:
gnutls-2.8.5-13.el6_5.s390.rpm
gnutls-2.8.5-13.el6_5.s390x.rpm
gnutls-debuginfo-2.8.5-13.el6_5.s390.rpm
gnutls-debuginfo-2.8.5-13.el6_5.s390x.rpm
gnutls-devel-2.8.5-13.el6_5.s390.rpm
gnutls-devel-2.8.5-13.el6_5.s390x.rpm
gnutls-utils-2.8.5-13.el6_5.s390x.rpm

x86_64:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-2.8.5-13.el6_5.x86_64.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.x86_64.rpm
gnutls-utils-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm

ppc64:
gnutls-debuginfo-2.8.5-13.el6_5.ppc.rpm
gnutls-debuginfo-2.8.5-13.el6_5.ppc64.rpm
gnutls-guile-2.8.5-13.el6_5.ppc.rpm
gnutls-guile-2.8.5-13.el6_5.ppc64.rpm

s390x:
gnutls-debuginfo-2.8.5-13.el6_5.s390.rpm
gnutls-debuginfo-2.8.5-13.el6_5.s390x.rpm
gnutls-guile-2.8.5-13.el6_5.s390.rpm
gnutls-guile-2.8.5-13.el6_5.s390x.rpm

x86_64:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-utils-2.8.5-13.el6_5.i686.rpm

x86_64:
gnutls-2.8.5-13.el6_5.i686.rpm
gnutls-2.8.5-13.el6_5.x86_64.rpm
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-devel-2.8.5-13.el6_5.i686.rpm
gnutls-devel-2.8.5-13.el6_5.x86_64.rpm
gnutls-utils-2.8.5-13.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
gnutls-guile-2.8.5-13.el6_5.i686.rpm
gnutls-guile-2.8.5-13.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0092
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.