Security Advisories (formerly Vulnerability Notices)

Blog Articles

SA-2024-096 - Application Termination During Name Check (CVE-2024-6119)

SummaryApplications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the applicat...

SA-2024-095 - OpenSSH Timing Attacks (CVE-2024-39894)

Summary OpenSSH sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystr...

SA-2024-094 - Amazon Corretto Multiple Vulnerabilities

Summary The following compiled CVEs are addressed in this security advisory:CVE-2024-21131CVE-2024-21138CVE-2024-21140CVE-2024-21147CVE-2024-21144CVE-2024-21145 Products Potentially Affected OS/Prod...