Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Manage smartcards with new p11-kit subcommands

P11-kit is an integral component to enable Hardware Security Module (HSM) and related technologies around PKCS#11. Over the years, its focus had mostly been on the library, with the bundled command-line tools not receiving much attention. When the user wanted to perform operations on the HSM or smartcard, they typically had to use tools from other packages. The most popular ones include p11tool from GnuTLS, modutil from NSS, and pkcs11-tool from OpenSC.With p11-kit 0.25.1 release, the p11-kit command-line tool bundled with p11-kit has been extended with a handful of utilities, to make it possi

Red Hat Blog
#mac#apache#perl#nginx#auth#ssl
Red Hat Security Advisory 2024-0773-03

Red Hat Security Advisory 2024-0773-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-0772-03

Red Hat Security Advisory 2024-0772-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-0771-03

Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

2054, Part VI: Standoff at Arlington

“This eruption of violence had been brewing for years, through successive economic collapses, pandemics, and the utter dysfunction that had become American life.” An exclusive excerpt from 2054: A Novel.

CISA and Fortinet Warns of New FortiOS Zero-Day Flaws

By Deeba Ahmed Patch Now or Get Hacked: Researchers Confirm Potentially Active Exploitation of One of the FortiOS Flaws in the Wild. This is a post from HackRead.com Read the original post: CISA and Fortinet Warns of New FortiOS Zero-Day Flaws

GHSA-37vr-vmg4-jwpw: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these ...

IBM i Access Client Solutions Remote Credential Theft

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.

Ubuntu Security Notice USN-6628-1

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-0748-03

Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.