Security updates have been issued by Arch Linux (konversation), Debian (graphicsmagick and konversation), Fedora (git-annex, ImageMagick, kernel, and libgcrypt), Oracle (kernel), Red Hat (httpd), SUSE (firefox, nss), and Ubuntu (perl and postgresql-9.3, postgresql-9.5, postgresql-9.6).
Security updates have been issued by Arch Linux (chromium, libzip, and openssl), Debian (chromium-browser, otrs2, slurm-llnl, and tomcat7), Fedora (kernel, libgcrypt, nodejs, php, poppler, qemu, rpm, and wget), openSUSE (chromium), Red Hat (chromium-browser and rhvm-appliance), SUSE (krb5 and qemu), and Ubuntu (openjdk-8).
Security updates have been issued by Arch Linux (apache and ettercap), Debian (gdk-pixbuf and newsbeuter), Red Hat (kernel), Slackware (httpd, libgcrypt, and ruby), SUSE (kernel), and Ubuntu (bind9, kernel, libidn2-0, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-trusty, and linux-lts-xenial).
Security updates have been issued by Arch Linux (ffmpeg, lib32-libgcrypt, libgcrypt, linux-zen, and newsbeuter), Debian (emacs25, freexl, and tomcat8), Fedora (cyrus-imapd, FlightGear, freexl, gdm, kernel, LibRaw, ruby, and xen), Gentoo (binutils, chkrootkit, curl, gdk-pixbuf, gimps, git, kpathsea, mod_gnutls, perl, squirrelmail, subversion, supervisor, and webkit-gtk), Mageia (389-ds-base, kernel, kernel-linus, kernel-tmb, and mpg123), openSUSE (ffmpeg, ffmpeg2, qemu, and xen), Slackware (kernel), SUSE (xen), and Ubuntu (gdk-pixbuf).
Security updates have been issued by Arch Linux (flashplugin, kernel, lib32-flashplugin, and linux-lts), CentOS (postgresql), Debian (tcpdump and wordpress-shibboleth), Fedora (lightdm, python-django, and tomcat), Mageia (flash-player-plugin and libsndfile), openSUSE (chromium, cvs, kernel, and libreoffice), Oracle (postgresql), and Ubuntu (libgcrypt20 and thunderbird).
Security updates have been issued by Debian (freerdp, mbedtls, tiff, and tiff3), Fedora (chromium, krb5, libstaroffice, mbedtls, mingw-libidn2, mingw-openjpeg2, openjpeg2, and rubygems), Mageia (bzr, libarchive, libgcrypt, and tcpdump), openSUSE (gdk-pixbuf, libidn2, mpg123, postgresql94, postgresql96, and xen), Slackware (bash, mariadb, and tcpdump), and SUSE (evince and kernel).
Security updates have been issued by Debian (libgcrypt20, poppler, and wordpress), Fedora (cvs, java-1.8.0-openjdk-aarch32, and postgresql), Mageia (gstreamer0.10-plugins-base, gstreamer1.0-plugins-base and libgit2), openSUSE (exim), Red Hat (instack-undercloud, openvswitch, and poppler), Scientific Linux (poppler), SUSE (kernel and quagga), and Ubuntu (linux-lts-trusty).
Security updates have been issued by CentOS (graphite2 and java-1.8.0-openjdk), Debian (atril, bind9, catdoc, and qemu), Fedora (glpi, GraphicsMagick, heimdal, kernel, nodejs, perl-XML-LibXML, and qt5-qtwebengine), Gentoo (adobe-flash), Mageia (c-ares, expat, flash-player-plugin, gnutls, libgcrypt, libtiff, sane, and tnef), openSUSE (evince and xorg-x11-server), Scientific Linux (graphite2), Slackware (seamonkey), and Ubuntu (heimdal and linux-lts-trusty).
The GnuPG Project has announced the availability of Libgcrypt 1.8.0.
“This is a new stable version of Libgcrypt with full API and ABI compatibility to the 1.7 series. Its main features are support for Blake-2, XTS mode, an improved RNG, and performance improvements for the
Security updates have been issued by Arch Linux (apache, evince, and mosquitto), Debian (apache2, evince, heimdal, and knot), Fedora (c-ares, cacti, evince, GraphicsMagick, httpd, jabberd, libgcrypt, openvas-cli, openvas-gsa, openvas-libraries, openvas-manager, openvas-scanner, poppler, qt5-qtwebengine, qt5-qtwebkit, spatialite-tools, and sqlite), openSUSE (gnutls, ncurses, qemu, and xorg-x11-server), Slackware (mariadb and samba), SUSE (cryptctl), and Ubuntu (heimdal and samba).
Security updates have been issued by Debian (bind9, jetty, mpg123, phpldapadmin, sqlite3, and xorg-server), Fedora (bind, bind99, dhcp, drupal7, GraphicsMagick, httpd, irssi, jetty, jetty-alpn, jetty-test-helper, libdb, libgcrypt, mosquitto, ocaml, pius, qt5-qtwebkit, tomcat, xen, and zabbix), Gentoo (feh, gajim, game-music-emu, jasper, libcroco, libsndfile, man-db, nm-applet, openslp, phpmyadmin, roundcube, virglrenderer, and vlc), openSUSE (irssi, kernel, libgcrypt, and xen), Slackware (irssi and php), and Ubuntu (poppler).
Security updates have been issued by CentOS (bind and qemu-kvm), Debian (jabberd2, libclamunrar, libgcrypt11, radare2, and tiff), Fedora (bind, bind-dyndb-ldap, dnsperf, kdepim4, kf5-messagelib, kmail, and php-horde-Horde-Image), Oracle (bind and qemu-kvm), SUSE (ncurses), and Ubuntu (ntp, samba, and thunderbird).
A recent paper [PDF] by a group of eight cryptography researchers shows, once again, how cryptographic breakthroughs are made. They often start small, with just a reduction in the strength of a cipher or key search space, say, but then grow over time to reach the point of a full-on breaking of a cipher or the implementation of one. In this case, the RSA implementation in Libgcrypt for 1024-bit keys has been fully broken using a side-channel attack against the operation of the library—2048-bit keys are also susceptible, but not with the same reliability, at least using this exact
Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/NsgNol1ZoHY/
Some clever boffins, including Internet software pioneer djb, have gotten libgcrypt cracked via a side-channel attack which has to do with the direction of a sliding window carried out in the library. Patches have already been released, so update your Linux servers ASAP, even though honestly it seems like a fairly theoretical attack (this…