Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot
Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and
Yuval Yarom discovered that GnuPG is prone to a local side-channel
attack allowing full key recovery for RSA-1024.
Red Hat Enterprise Linux: An update for openssh is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
This is the 30 day notification for the End of Production Phase 2 of
Red Hat Enterprise Virtualization 3.x.
RHN Satellite and Proxy: An updated cdn-sync-mappings package that makes Red Hat Enterprise Linux 7.4
content available to Red Hat Satellite 5.8 is now available.
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner’s password via a brute-force attack on the embedded password hash.
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.