Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -8 articles for you...
89

Fedora 23: FEDORA-2016-65b7608d8b Critical: OkHttp Certificate Bypass

This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain to a trusted certificate authority.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-65b7608d8b 2016-02-29 18:03:52.031144 -------------------------------------------------------------------------------- Name : okhttp Product : Fedora 23 Version : 2.7.4 Release : 1.fc23 URL : https://square.github.io/okhttp/ Summary : An HTTP+SPDY client for Java applications Description : An HTTP+SPDY client for Android and Java applications. -------------------------------------------------------------------------------- Update Information: This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain to a trusted certificate authority. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308851 - CVE-2016-2402 okhttp: certificate pining bypass https://bugzilla.redhat.com/show_bug.cgi?id=1308851 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update okhttp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . This patch addresses a vulnerability in OkHttp that enablesit to skip certificate verification, which impacts users on Fedora 23.. OkHttp Security Update,Fedora 23 Advisory,Certificate Pinning Flaw,Bug Redhat 1308851. . LinuxSecurity.com Team

Calendar%202 Feb 29, 2016 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200