
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia: 2021-0492 Moderate: Opencryptoki Invalid Curve Attack

MGASA-2021-0492 - Updated opencryptoki packages fix security vulnerability

Publication date: 27 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0492.html
Type: security
Affected Mageia releases: 8

It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause an invalid curve attack.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29328
- https://ubuntu.com/security/notices/USN-5031-1
- https://lists.fedoraproject.org/archives/list/[address obscured]/thread/FLP3UNIVGYENSFGVADMQ2IYP4A3TDYJC/

SRPMS:
- 8/core/opencryptoki-3.15.1-1.1.mga8

LinuxSecurity.com Team

Oct 27, 2021 | Mageia

Ubuntu 21.04 USN-5031-1: Addressing openCryptoki Invalid Curve Attack

=========================================================================
Ubuntu Security Notice USN-5031-1
August 04, 2021

opencryptoki vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04

Summary:
openCryptoki could be made to allow invalid curve attacks if it received a specially crafted key.

Software Description:
- opencryptoki: PKCS#11 implementation (daemon)

Details:
It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause an invalid curve attack.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
- libopencryptoki0 3.15.1+dfsg-0ubuntu1.2
- opencryptoki 3.15.1+dfsg-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
- https://ubuntu.com/security/notices/USN-5031-1
- https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780

Package Information:
- https://launchpad.net/ubuntu/+source/opencryptoki/3.15.1+dfsg-0ubuntu1.2

Severity: Important
LinuxSecurity.com Team

Aug 04, 2021 | Important | Ubuntu

Mageia: 2019-0176 Critical: FreeRADIUS Authentication Issues

MGASA-2019-0176 - Updated freeradius packages fix security vulnerability

Publication date: 18 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0176.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-11234, CVE-2019-11235

An attacker can reflect the received scalar and element from the server in its own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim (CVE-2019-11234).

An invalid curve attack allows an attacker to authenticate as any user (without knowing the password). The problem is that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received elliptic curve point is valid (CVE-2019-11235).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24762
- https://bugzilla.redhat.com/show_bug.cgi?id=1695748
- https://bugzilla.redhat.com/show_bug.cgi?id=1695783
- https://access.redhat.com/errata/RHSA-2019:1131
- https://www.cve.org/CVERecord?id=CVE-2019-11234
- https://www.cve.org/CVERecord?id=CVE-2019-11235

SRPMS:
- 6/core/freeradius-3.0.15-1.1.mga6

Severity: Critical
LinuxSecurity.com Team

May 18, 2019 | Critical | Mageia

SciLinux 7 Important: SLSA-2019-1131-1 Freeradius Authentication Bypass

Synopsis: Important: freeradius security update
Advisory ID: SLSA-2019:1131-1
Issue Date: 2019-05-09
CVE Numbers: CVE-2019-11235 CVE-2019-11234

Security Fix(es):
* freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235)
* freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234)

SL7 x86_64:
- freeradius-3.0.13-10.el7_6.x86_64.rpm
- freeradius-debuginfo-3.0.13-10.el7_6.x86_64.rpm
- freeradius-debuginfo-3.0.13-10.el7_6.i686.rpm
- freeradius-devel-3.0.13-10.el7_6.i686.rpm
- freeradius-devel-3.0.13-10.el7_6.x86_64.rpm
- freeradius-doc-3.0.13-10.el7_6.x86_64.rpm
- freeradius-krb5-3.0.13-10.el7_6.x86_64.rpm
- freeradius-ldap-3.0.13-10.el7_6.x86_64.rpm
- freeradius-mysql-3.0.13-10.el7_6.x86_64.rpm
- freeradius-perl-3.0.13-10.el7_6.x86_64.rpm
- freeradius-postgresql-3.0.13-10.el7_6.x86_64.rpm
- freeradius-python-3.0.13-10.el7_6.x86_64.rpm
- freeradius-sqlite-3.0.13-10.el7_6.x86_64.rpm
- freeradius-unixODBC-3.0.13-10.el7_6.x86_64.rpm
- freeradius-utils-3.0.13-10.el7_6.x86_64.rpm

- Scientific Linux Development Team

Severity: Important
LinuxSecurity.com Team

May 09, 2019 | Important | Scientific Linux

Debian DSA-3417-1 High: Bouncy Castle Invalid Curve Attack

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3417-1
https://www.debian.org/security/                            Luciano Bello
December 14, 2015                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bouncycastle
CVE ID : CVE-2015-7940
Debian Bug : 802671

Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

More information:
https://web-in-security.blogspot.com/2015/09/practical-invalid-curve-attacks.html
Practical Invalid Curve Attacks on TLS-ECDH:

For the oldstable distribution (wheezy), this problem has been fixed in version 1.44+dfsg-3.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 1.49+dfsg-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.51-2.

We recommend that you upgrade your bouncycastle packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

LinuxSecurity.com Team

Dec 14, 2015 | Debian