
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 38: 2023-3e84bba241 Moderate: Tang Race Condition Fix

Fixes CVE-2023-1672.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-3e84bba241
2023-06-23 01:00:55.101941
--------------------------------------------------------------------------------

Name        : tang
Product     : Fedora 38
Version     : 14
Release     : 1.fc38
URL         : https://github.com/latchset/tang
Summary     : Network Presence Binding Daemon
Description :

Tang is a small daemon for binding data to the presence of a third party.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2023-1672
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 14 2023 Sergio Arroutbi - 14-1
- New upstream release - v14
  Resolves: rhbz#2180990
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2180999 - CVE-2023-1672 tang: Race condition exists in the key generation and rotation functionality
        https://bugzilla.redhat.com/show_bug.cgi?id=2180999
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-3e84bba241' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

LinuxSecurity.com Team

Jun 23, 2023 | Fedora

Gentoo: GLSA-202007-62 Normal: Weak Key Generation in PyCrypto

A flaw in PyCrypto allows remote attackers to obtain sensitive information.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202007-62
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: PyCrypto: Weak key generation
     Date: July 31, 2020
     Bugs: #703682
       ID: 202007-62

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw in PyCrypto allows remote attackers to obtain sensitive information.

Background
==========

PyCrypto is the Python Cryptography Toolkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-python/pycrypto

Jul 31, 2020 | Gentoo

openSUSE: 2020:0955-1 Moderate: mozilla-nss Key Generation Risk

An update that solves one vulnerability and has one errata is now available.

openSUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0955-1
Rating:             moderate
References:         #1168669 #1173032
Cross-References:   CVE-2020-12402
Affected Products:  openSUSE Leap 15.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032)
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2020-955=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):

  libfreebl3-3.53.1-lp152.2.4.1
  libfreebl3-debuginfo-3.53.1-lp152.2.4.1
  libfreebl3-hmac-3.53.1-lp152.2.4.1
  libsoftokn3-3.53.1-lp152.2.4.1
  libsoftokn3-debuginfo-3.53.1-lp152.2.4.1
  libsoftokn3-hmac-3.53.1-lp152.2.4.1
  mozilla-nss-3.53.1-lp152.2.4.1
  mozilla-nss-certs-3.53.1-lp152.2.4.1
  mozilla-nss-certs-debuginfo-3.53.1-lp152.2.4.1
  mozilla-nss-debuginfo-3.53.1-lp152.2.4.1
  mozilla-nss-debugsource-3.53.1-lp152.2.4.1
  mozilla-nss-devel-3.53.1-lp152.2.4.1
  mozilla-nss-sysinit-3.53.1-lp152.2.4.1
  mozilla-nss-sysinit-debuginfo-3.53.1-lp152.2.4.1
  mozilla-nss-tools-3.53.1-lp152.2.4.1
  mozilla-nss-tools-debuginfo-3.53.1-lp152.2.4.1

- openSUSE Leap 15.2 (x86_64):

  libfreebl3-32bit-3.53.1-lp152.2.4.1
  libfreebl3-32bit-debuginfo-3.53.1-lp152.2.4.1
  libfreebl3-hmac-32bit-3.53.1-lp152.2.4.1
  libsoftokn3-32bit-3.53.1-lp152.2.4.1
  libsoftokn3-32bit-debuginfo-3.53.1-lp152.2.4.1
  libsoftokn3-hmac-32bit-3.53.1-lp152.2.4.1
  mozilla-nss-32bit-3.53.1-lp152.2.4.1
  mozilla-nss-32bit-debuginfo-3.53.1-lp152.2.4.1
  mozilla-nss-certs-32bit-3.53.1-lp152.2.4.1
  mozilla-nss-certs-32bit-debuginfo-3.53.1-lp152.2.4.1
  mozilla-nss-sysinit-32bit-3.53.1-lp152.2.4.1
  mozilla-nss-sysinit-32bit-debuginfo-3.53.1-lp152.2.4.1

References:

  https://www.suse.com/security/cve/CVE-2020-12402.html
  https://bugzilla.suse.com/1168669
  https://bugzilla.suse.com/1173032

LinuxSecurity.com Team

Jul 13, 2020 | Important | OpenSUSE

openSUSE: 2018:2597-1 Moderate: libressl Timing Attack Fix

An update that solves two vulnerabilities and has one errata is now available.

openSUSE Security Update: Security update for libressl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2597-1
Rating:             moderate
References:         #1065363 #1086778 #1097779
Cross-References:   CVE-2018-12434 CVE-2018-8970
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libressl to version 2.8.0 fixes the following issues:

Security issues fixed:

- CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. (boo#1097779)
- Reject excessively large primes in DH key generation.
- CVE-2018-8970: Fixed a bug in int_x509_param_set_hosts, calling strlen() if name length provided is 0 to match the OpenSSL behaviour. (boo#1086778)
- Fixed an out-of-bounds read and crash in DES-fcrypt (boo#1065363)

You can find a detailed list of changes [here]( .txt).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-953=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

  libcrypto43-2.8.0-11.1
  libcrypto43-debuginfo-2.8.0-11.1
  libressl-2.8.0-11.1
  libressl-debuginfo-2.8.0-11.1
  libressl-debugsource-2.8.0-11.1
  libressl-devel-2.8.0-11.1
  libssl45-2.8.0-11.1
  libssl45-debuginfo-2.8.0-11.1
  libtls17-2.8.0-11.1
  libtls17-debuginfo-2.8.0-11.1

- openSUSE Leap 42.3 (x86_64):

  libcrypto43-32bit-2.8.0-11.1
  libcrypto43-debuginfo-32bit-2.8.0-11.1
  libressl-devel-32bit-2.8.0-11.1
  libssl45-32bit-2.8.0-11.1
  libssl45-debuginfo-32bit-2.8.0-11.1
  libtls17-32bit-2.8.0-11.1
  libtls17-debuginfo-32bit-2.8.0-11.1

- openSUSE Leap 42.3 (noarch):

  libressl-devel-doc-2.8.0-11.1

References:

  https://www.suse.com/security/cve/CVE-2018-12434.html
  https://www.suse.com/security/cve/CVE-2018-8970.html
  https://bugzilla.suse.com/1065363
  https://bugzilla.suse.com/1086778
  https://bugzilla.suse.com/1097779

LinuxSecurity.com Team

Sep 04, 2018 | OpenSUSE

Ubuntu: 3138-1 Critical: Python-Cryptography Key Generation Flaw

python-cryptography could generate incorrect keys.

=========================================================================
Ubuntu Security Notice USN-3138-1
November 28, 2016

python-cryptography vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS

Summary:

python-cryptography could generate incorrect keys.

Software Description:
- python-cryptography: Cryptography Python library

Details:

Markus Döring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
  python-cryptography 1.5-2ubuntu0.1
  python3-cryptography 1.5-2ubuntu0.1

Ubuntu 16.04 LTS:
  python-cryptography 1.2.3-1ubuntu0.1
  python3-cryptography 1.2.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3138-1
  CVE-2016-9243

Package Information:
  https://launchpad.net/ubuntu/+source/python-cryptography/1.5-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/python-cryptography/1.2.3-1ubuntu0.1

LinuxSecurity.com Team

Nov 28, 2016 | Critical | Ubuntu

Debian: DSA-2502-1 Critical: Python-Crypto Remote Programming Error

-------------------------------------------------------------------------
Debian Security Advisory DSA-2502-1
http://www.debian.org/security/
Moritz Muehlenhoff
June 24, 2012
http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : python-crypto
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2417

It was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure insufficient prime numbers in key generation, which led to a weakened signature or public key space, allowing easier brute force attacks on such keys.

For the stable distribution (squeeze), this problem has been fixed in version 2.1.0-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.6-1.

We recommend that you upgrade your python-crypto packages. After installing this update, previously generated keys need to be regenerated.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

LinuxSecurity.com Team

Jun 24, 2012 | Critical | Debian

Gentoo GLSA 201206-23 Normal: PyCrypto Weak Key Generation Risk

PyCrypto generates weak ElGamal keys.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: PyCrypto: Weak key generation
     Date: June 24, 2012
     Bugs: #417625
       ID: 201206-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PyCrypto generates weak ElGamal keys.

Background
==========

PyCrypto is the Python Cryptography Toolkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-python/pycrypto           < 2.6                        >= 2.6

Description
===========

An error in the generate() function in ElGamal.py causes PyCrypto to generate weak ElGamal keys.

Impact
======

A remote attacker might be able to derive private keys.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PyCrypto users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6"

References
==========

[ 1 ] CVE-2012-2417
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2417

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/201206-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address obscured in source] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Jun 24, 2012 | Gentoo