search for: vuls

Displaying 20 results from an estimated 134 matches for "vuls".

Did you mean: vals
2008 Jul 09
2
CentOS Patch for http://www.kb.cert.org/vuls/id/800113
Will there be a BIND patch available for this vulnerability, for CentOS 3.9? http://www.kb.cert.org/vuls/id/800113
1999 Dec 04
2
confusion over RSAref vul w/OpenSS[HL]
Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all
2007 Mar 02
0
Matrix looping
Hi all, I am having a problem getting my fucntion to work correctly. Here is my problem. I have three ages: Nage<-c(1,2,3) I have an weight matrix: Wt<-c( 0.04952867, 0.23808432, 0.34263880) I have an age schedule of maturity: Mat<-c(0,1,1) where 0 is not mature, and 1 is mature I have a vulnerability schedule: Vul<-c(0,1,1) I have an survivorship schedule:
2005 Jun 24
1
Any status on timestamp vulnerability fix for 4.X?
Any information on when (or if) the following timestamp vulnerability will be fixed for 4.X? Any information would be appreciated. http://www.kb.cert.org/vuls/id/637934 Thanks. Richard Coleman rcoleman@criticalmagic.com
2008 Feb 06
2
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
...ixed in the CVS repository. http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 PROVIDED AND/OR DISCOVERED BY: US-CERT credits Shoichi Sakane. NetBSD credits the Coverity Prevent analysis tool. ORIGINAL ADVISORY: US-CERT VU#110947: http://www.kb.cert.org/vuls/id/110947
2015 Jan 19
2
cannot update W7 or linux clients
...{ 192.168.16.0/24; }; // Defined ACL End options { directory "/var/cache/bind"; version "0.0.7"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 208.67.222.222; 208.67.220.220; }; //======...
2015 Jun 15
5
OpenSSH and CBC
...ve/ The reality is that all of the CBC mode ciphers are vulnerable and this includes the old standby [3DES-CBC] and even, likely, [BLOWFISH-CBC]. We can look at the references provided by the Retina finding for a more detailed analysis. The first is the reference from CERT: http://www.kb.cert.org/vuls/id/958563 This clearly states that ALL CBC mode ciphers are vulnerable and that the only real mitigation is to use CTR mode, or other secure ciphers which do not use Cipher Block Chaining (like [ARCFOUR]). The last reference is from OpenSSH: http://openssh.org/txt/cbc.adv They basically suggest...
2005 Oct 26
3
splash screen
Is the splash screen RLE is standard 640x480x4 or a modified one because I can neither open the file in Photoshop CS2 (Windows under ext2fsd) or Gimp 2.2 (Linux 2.6.12.16ubuntu) and I am unable to decipher Perl scripts. Will syslinux support standard RLE?
2003 Oct 17
1
Bugs in openssh
Hi, We are using your product openssh 2.3.0p1 and we should upgrade to openssh 3.7.1p1 mainly for better SSH2 support but also for the bug reported on <http://www.kb.cert.org/vuls/id/333628> Is this problem located on the server side or on the client side, or both? Regards, Carin Andersson Software Developer Ericsson AB
2011 Dec 12
1
Using sha256sum instead of md5sum for package checksums
...s for the MD5SUM method of hashing, so it is possible to modify a file and make it have the same MD5SUM as another file. See this link for details on Collision Attacks: http://en.wikipedia.org/wiki/Collision_attack Recommendation from the US-CERT concerning MD5SUM hashes: http://www.kb.cert.org/vuls/id/836068 Based on the above information, the CentOS team will be using sha256sum (sha-2) and not md5sum to generate future hashes for posting on our e-mail announcements to the CentOS Announce Mailing List. Thanks, Johnny Hughes The CentOS Project -------------- next part -------------- A non-t...
2011 Dec 12
1
Using sha256sum instead of md5sum for package checksums
...s for the MD5SUM method of hashing, so it is possible to modify a file and make it have the same MD5SUM as another file. See this link for details on Collision Attacks: http://en.wikipedia.org/wiki/Collision_attack Recommendation from the US-CERT concerning MD5SUM hashes: http://www.kb.cert.org/vuls/id/836068 Based on the above information, the CentOS team will be using sha256sum (sha-2) and not md5sum to generate future hashes for posting on our e-mail announcements to the CentOS Announce Mailing List. Thanks, Johnny Hughes The CentOS Project -------------- next part -------------- A non-t...
2011 Dec 23
1
Borderlands GPF
Running Borderlands GOTY on Wine 1.3.35 with WINEPREFIX=win32 on amd64 with WINEDEBUG=warn+all produces the following error log: http://paste.ubuntu.com/779465/ (warning: 8 MB) A tl;dr of this is GPF followed by std::terminate->abort() due to pure virtual function call. What am I doing wrong, as a Gold rating on appdb implies that the game should be working? -- 001100 Andrey
2005 May 19
1
Is the "tcp time stamp validation issue" fixed in 5.4?
Hello I'm a bit confused about the "tcp time stamp validation bug" mentioned in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19). Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not look like this. But I'm not sure. Regards, Thomas
2005 May 23
1
TCP timestamp vulnerability
On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > Hi, > > fixes for the vulnerability described in http://www.kb.cert.org/ > vuls/id/637934 > were checked in to CURRENT and RELENG_5 by ps in April. > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c > > Revisions 1.270 and 1.252.2.16 > > He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with > it. > > My gues...
2001 Aug 21
2
OpenSSH 2.9p2 / SSH3 vulnerability?
I have a few questions: 1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0? (described here: http://www.kb.cert.org/vuls/id/737451 ) 2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this patch to each new version is growing more difficult as time goes on. Would you consider merging this function into the core of openssh? (with a configure flag and everything...
2004 Sep 13
2
Kerberos 5 Security Alert?
...ly. Alternatively, apply the appropriate source code patch(es) referenced in MITKRB5-SA-2004-002 and MITKRB5-SA-2004-003 and recompile. These vulnerabilities will be addressed in krb5-1.3.5. Appendix A. References * Vulnerability Note VU#795632 - <http://www.kb.cert.org/vuls/id/795632> * Vulnerability Note VU#866472 - <http://www.kb.cert.org/vuls/id/866472> * Vulnerability Note VU#350792 - <http://www.kb.cert.org/vuls/id/350792> * Vulnerability Note VU#550464 - <http://www.kb.cert.org/vuls/id/550464> * M...
1999 Oct 21
0
SECURITY: [RHSA-1999:043] New wu-ftpd packages available
.... References: CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD http://www.cert.org AUSCERT Advisory AA-1999.01 ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul AUSCERT Advisory AA-1999.02 ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls Cristian -- ---------------------------------------------------------------------- Cristian Gafton -- gafton@redhat.com -- Red Hat, Inc. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "How could this be a problem in a country where we have Intel and...
2002 Feb 12
0
FreeBSD Ports Security Advisory FreeBSD-SA-02:11.snmp
...nmp/files/patch-aclocal.m4 1.1 - ------------------------------------------------------------------------- VII. References <URL:http://www.cert.org/advisories/CA-2002-03.html> <URL:http://www.ee.oulu.fi/research/ouspg/protos/> <URL:http://www.kb.cert.org/vuls/id/107186> <URL:http://www.kb.cert.org/vuls/id/854306> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCUAwUBPGmij1UuHi5z0oilAQGFQgP4ku0xC5v8hKJBXYbiSXmwVDpHpV6WHIWP zuTSiyvKbUX7nKm6c9IMB+5ep2/SGdJXxWos+YZcncv8VgR5i47K1M1dYXwwniRg...
1999 Oct 21
1
[RHSA-1999:042-01] screen defaults to not using Unix98 ptys
.... References: CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD http://www.cert.org AUSCERT Advisory AA-1999.01 ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul AUSCERT Advisory AA-1999.02 ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls Cristian - -- - ---------------------------------------------------------------------- Cristian Gafton -- gafton@redhat.com -- Red Hat, Inc. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "How could this be a problem in a country where we have Intel...
2024 May 01
2
De-serialization vulnerability?
All, There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data: https://hiddenlayer.com/research/r-bitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-27322 https://www.kb.cert.org/vuls/id/238194 Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report: https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html Is this real? Were there changes in R 4.4.0 that aren't reported? Of course, we should *always* update to the most recent versi...