SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1220-3
Rating:             important
References:         #897890
Cross-References:   CVE-2014-1568
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue.

MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.

Security Issues:

   * CVE-2014-1568

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libfreebl3-9775

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-3.16.5-0.4.2.1
      mozilla-nss-3.16.5-0.4.2.1
      mozilla-nss-tools-3.16.5-0.4.2.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-32bit-3.16.5-0.4.2.1
      mozilla-nss-32bit-3.16.5-0.4.2.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.5]:

      mozilla-nss-3.16.5-0.5.1
      mozilla-nss-devel-3.16.5-0.5.1
      mozilla-nss-tools-3.16.5-0.5.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.5]:

      mozilla-nss-32bit-3.16.5-0.5.1

References:

   https://www.suse.com/security/cve/CVE-2014-1568.html
   https://bugzilla.suse.com/show_bug.cgi?id=897890
   https://scc.suse.com:443/patches/

The significant security patch issued by SUSE for mozilla-nss tackles CVE-2014-1568, reinforcing the protection of the system.

Severity: Important. LinuxSecurity.com Team

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1220-2
Rating:             important
References:         #897890
Cross-References:   CVE-2014-1568
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

Mozilla NSS was updated to 3.16.5 to fix an RSA certificate forgery issue.

MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.

Security Issues:

   * CVE-2014-1568

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-libfreebl3-9774

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-3.16.5-0.4.2.1
      mozilla-nss-3.16.5-0.4.2.1
      mozilla-nss-devel-3.16.5-0.4.2.1
      mozilla-nss-tools-3.16.5-0.4.2.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-32bit-3.16.5-0.4.2.1
      mozilla-nss-32bit-3.16.5-0.4.2.1

References:

   https://www.suse.com/security/cve/CVE-2014-1568.html
   https://bugzilla.suse.com/show_bug.cgi?id=897890
   https://scc.suse.com:443/patches/

Critical patch released for SUSE: Mozilla NSS fixes RSA certificate spoofing issue. Vital upgrade for safeguarding systems.

Severity: Important. LinuxSecurity.com Team

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1220-1
Rating:             important
References:         #897890
Cross-References:   CVE-2014-1568
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue.

MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.

Security Issues:

   * CVE-2014-1568

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libfreebl3-9777

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libfreebl3-9777

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libfreebl3-9777

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libfreebl3-9777

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.5]:

      mozilla-nss-devel-3.16.5-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.16.5]:

      libfreebl3-3.16.5-0.7.1
      libsoftokn3-3.16.5-0.7.1
      mozilla-nss-3.16.5-0.7.1
      mozilla-nss-tools-3.16.5-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16.5]:

      libfreebl3-32bit-3.16.5-0.7.1
      libsoftokn3-32bit-3.16.5-0.7.1
      mozilla-nss-32bit-3.16.5-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-3.16.5-0.7.1
      libsoftokn3-3.16.5-0.7.1
      mozilla-nss-3.16.5-0.7.1
      mozilla-nss-tools-3.16.5-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.16.5]:

      libfreebl3-32bit-3.16.5-0.7.1
      libsoftokn3-32bit-3.16.5-0.7.1
      mozilla-nss-32bit-3.16.5-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16.5]:

      libfreebl3-x86-3.16.5-0.7.1
      libsoftokn3-x86-3.16.5-0.7.1
      mozilla-nss-x86-3.16.5-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.16.5]:

      libfreebl3-3.16.5-0.7.1
      libsoftokn3-3.16.5-0.7.1
      mozilla-nss-3.16.5-0.7.1
      mozilla-nss-tools-3.16.5-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16.5]:

      libfreebl3-32bit-3.16.5-0.7.1
      libsoftokn3-32bit-3.16.5-0.7.1
      mozilla-nss-32bit-3.16.5-0.7.1

References:

   https://www.suse.com/security/cve/CVE-2014-1568.html
   https://bugzilla.suse.com/show_bug.cgi?id=897890
   https://scc.suse.com:443/patches/

SUSE releases a security notice for mozilla-nss, tackling a serious RSA certificate impersonation vulnerability found in their application.

Severity: Important. LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200609-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Opera: RSA signature forgery
      Date: September 28, 2006
      Bugs: #147838
        ID: 200609-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Opera fails to correctly verify certain signatures.

Background
==========

Opera is a multi-platform web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/opera      < 9.0.2                            >= 9.0.2

Description
===========

Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.

Impact
======

An attacker could forge certificates which will appear valid and signed by a trusted CA.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.0.2"

References
==========

  [ 1 ] Opera Advisory
        https://www.opera.com:443/help
  [ 2 ] GLSA 200609-05
        https://security.gentoo.org/glsa/200609-05

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200609-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
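
The advisories above attribute the forgery risk to lenient checking of the PKCS #1 v1.5 signature structure (lenient ASN.1 parsing in NSS, incorrect verification in OpenSSL). The following is an added example, not code from NSS, OpenSSL or either advisory: a simplified model that contrasts a verifier that walks the structure and ignores what follows with one that re-encodes the expected value and compares every byte. It works on the already-decoded encoded message (the result of the RSA public-key operation), so no key is needed; all names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def expected_em(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verify_strict(em: bytes, message: bytes) -> bool:
    """Hardened form: rebuild the one valid encoding, compare all bytes."""
    try:
        return hmac.compare_digest(em, expected_em(message, len(em)))
    except ValueError:
        return False

def verify_lenient(em: bytes, message: bytes) -> bool:
    """Flawed form (simplified model): parse forward, never look past the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:  # any amount of padding accepted
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return em[i + 1 : i + 1 + len(t)] == t  # trailing bytes are not checked

# Constructed sample inputs for a 2048-bit modulus (256-byte encoded message).
MSG = b"constructed sample message"
T = SHA256_PREFIX + hashlib.sha256(MSG).digest()
GOOD_EM = expected_em(MSG, 256)
# Malformed: short padding, with unchecked filler after the digest.
MALFORMED_EM = b"\x00\x01" + b"\xff" * 8 + b"\x00" + T + b"\xaa" * (256 - 11 - len(T))

def compare_verifiers() -> dict:
    """Return each verifier's verdict on the well-formed and malformed inputs."""
    return {
        "strict_good": verify_strict(GOOD_EM, MSG),
        "strict_malformed": verify_strict(MALFORMED_EM, MSG),
        "lenient_good": verify_lenient(GOOD_EM, MSG),
        "lenient_malformed": verify_lenient(MALFORMED_EM, MSG),
    }
```

The malformed input makes a useful regression test vector: any verifier that accepts it leaves bytes of the encoded message unconstrained, which is the property that low-exponent forgeries depend on.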