| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH5b-BVfVsszB6VNAz+bBy5Z1NGfdnTW7+OnZrniWhAKVph5Jw@mail.gmail.com> Date: Sat, 9 Nov 2013 09:59:06 +0100 From: yersinia <yersinia.spiros@...il.com> To: coderman <coderman@...il.com> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: OpenSSH Security Advisory: gcmrekey.adv On Fri, Nov 8, 2013 at 7:47 PM, coderman <coderman@...il.com> wrote: > surprised not a peep about this one here yet,... hmmm > a fun one ;) > > we are accustomed to old software adding risk; > new (secondary effects of combined AUTH+ENC modes) > also carries risk! Well know possibility, yes. In any case the problem is well know everywhere already https://security-tracker.debian.org/tracker/CVE-2013-4548 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4548 Best _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists