(Jul 29) Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
Ubuntu: 1919-1: Linux kernel vulnerability
(Jul 29) The system could be made to crash or run programs as an administrator.
Ubuntu: 1914-1: Linux kernel vulnerability
(Jul 29) The system could be made to crash or run programs as an administrator.
Debian: 2731-1: libgcrypt11: information leak
(Jul 29) Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
(Jul 27) Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query. [More…]