all InfoSec news
USN-6560-1: OpenSSH vulnerabilities
Dec. 19, 2023, 1:02 p.m. |
Ubuntu security notices ubuntu.com
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)
Luci Stanescu discovered that OpenSSH incorrectly added destination
constraints when smartcard keys were added to ssh-agent, contrary to
expectations. …
algorithms attack attacker communications extension extensions features intercept issue marcus messages negotiation openssh protocol ssh ssh communications truncated update usn vulnerabilities vulnerable
More from ubuntu.com / Ubuntu security notices
USN-6754-1: nghttp2 vulnerabilities
2 days, 19 hours ago |
ubuntu.com
USN-6753-1: CryptoJS vulnerability
2 days, 21 hours ago |
ubuntu.com
USN-6751-1: Zabbix vulnerabilities
2 days, 21 hours ago |
ubuntu.com
USN-6752-1: FreeRDP vulnerabilities
3 days, 3 hours ago |
ubuntu.com
USN-6750-1: Thunderbird vulnerabilities
3 days, 14 hours ago |
ubuntu.com
USN-6743-3: Linux kernel (Azure) vulnerabilities
3 days, 19 hours ago |
ubuntu.com
USN-6657-2: Dnsmasq vulnerabilities
3 days, 22 hours ago |
ubuntu.com
USN-6748-1: Sanitize vulnerabilities
4 days, 12 hours ago |
ubuntu.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Lead Technical Product Manager - Threat Protection
@ Mastercard | Remote - United Kingdom
Data Privacy Officer
@ Banco Popular | San Juan, PR
GRC Security Program Manager
@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
Cyber Security Engineer
@ ASSYSTEM | Warrington, United Kingdom
Privacy Engineer, Technical Audit
@ Meta | Menlo Park, CA