
Short-News

Short-News: Critical Oracle Java 7/8 patch for CVE-2016-0636 (remote code execution)

Oracle has released a critical patch for Java 7/8 that fixes CVE-2016-0636, a remote code execution vulnerability. The patch was released between two regular Oracle Java “Patch-Days”, which should be proof enough that the vulnerability is indeed critical. To quote Oracle: Due to the severity of this vulnerability and the public disclosure of […]

SSLv2 Protocol “DROWN” security flaw – CVE-2016-0800

Short News: Critical vulnerability in Network Security Services (nss-util) – CVE-2016-1950

It has been discovered that nss-util (Network Security Services) is affected by a critical vulnerability. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use […]

“Secure” config for OpenSSH 6.6 Ubuntu 14.04

Short News: Incoming OpenSSL patch – release of version 1.0.2g/1.0.1s

The upcoming release of OpenSSL versions 1.0.2g and 1.0.1s has just been announced on the OpenSSL mailing list. As usual with such release pre-notifications, few details are known. These releases will be made available on 1st March 2016 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity “high”. – OpenSSL Announcement Please […]

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow vulnerability

Short News: Twitch.tv breach

Twitch.tv, the live streaming platform now owned by Amazon.com, might have suffered a data breach. In a short blog post on the Twitch Blog, they state that […] there may have been unauthorized access to some Twitch user account information […] – Twitch Blog They’ve disconnected all associated Twitter and Steam accounts and forced a […]

Short News: OpenSSL…”FREAK” attack

And once again an OpenSSL vulnerability has been disclosed. It was disclosed by Karthikeyan Bhargavan and the miTLS team. As every vulnerability needs a fancy name these days, this one is called the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be […]