March 2016

Short-News: Critical Oracle Java 7/8 patch for CVE-2016-0636 (remote code execution)

Oracle released a critical patch for Java 7/8 which fixes CVE-2016-0636, a remote code execution vulnerability. This patch was released between two normal Oracle Java “Patch-Days”, which should be enough proof that the vulnerability is indeed critical. To quote Oracle: Due to the severity of this vulnerability and the public disclosure of […]


Short News: Critical vulnerability in Network Security Services (nss-util) – CVE-2016-1950

It has been discovered that nss-util (Network Security Services) is affected by a critical vulnerability. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use […]

“Secure” config for OpenSSH 6.6 Ubuntu 14.04

SSLv2 Protocol “DROWN” security flaw – CVE-2016-0800

As announced by the OpenSSL team some days ago, fixes for several high-severity vulnerabilities have been released. The main vulnerability is called “DROWN” (once again with a fancy logo, of course). Detailed information can be found on www.drownattack.com.

CVSS V2 Base Score: 5.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication […]

Critical OpenSSL update is live!