{"id": "FEDORA_2013-2110.NASL", "bulletinFamily": "scanner", "title": "Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)", "description": "- Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2013-02-18T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64651", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=908238", "http://www.nessus.org/u?83207cc1"], "cvelist": ["CVE-2013-1619"], "type": "nessus", "lastseen": "2019-01-16T20:15:40", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-1619"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "366f1d656476459a9b93e0b583a1dd85a4d4af416b0190e62bd5f219959aba74", "hashmap": [{"hash": "0b722b3d37e86728356f0204df47727d", "key": "description"}, {"hash": "5a1d923d1a6dbcf1d1e11d9657878b6c", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6fa2f8b9223e2a26c310474ee2569a9e", "key": "sourceData"}, {"hash": "ad98cd15155e3fcb9004f91f3a5befd6", "key": "href"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "e24b912330e8186d2c202921054d2f9d", "key": "title"}, {"hash": "9934e02f2dcbc6b05a648d23b727456e", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "452cd45cff271fe9a314af79f9c946cd", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "1f72477ff44f4d633d1a66eb1da0027b", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "b82bdc1879e285e3d80370cdfcd4bd60", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64651", "id": "FEDORA_2013-2110.NASL", "lastseen": "2016-09-26T17:23:03", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "64651", "published": "2013-02-18T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=908238", "http://www.nessus.org/u?83207cc1"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64651);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2110\");\n\n script_name(english:\"Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83207cc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-gnutls-2.12.22-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "title": "Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls"], "cvelist": ["CVE-2013-1619"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "f8a86e560af73380452e5b6028d350f230a4d4b547dc163c0cfe91e2fa4a18db", "hashmap": [{"hash": "0b722b3d37e86728356f0204df47727d", "key": "description"}, {"hash": "5a1d923d1a6dbcf1d1e11d9657878b6c", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6fa2f8b9223e2a26c310474ee2569a9e", "key": "sourceData"}, {"hash": "ad98cd15155e3fcb9004f91f3a5befd6", "key": "href"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "e24b912330e8186d2c202921054d2f9d", "key": "title"}, {"hash": "9934e02f2dcbc6b05a648d23b727456e", "key": "references"}, {"hash": "fdceede9f9de217f4b024c7319d4674b", "key": "cpe"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "452cd45cff271fe9a314af79f9c946cd", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "b82bdc1879e285e3d80370cdfcd4bd60", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64651", "id": "FEDORA_2013-2110.NASL", "lastseen": "2018-08-30T19:29:49", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "64651", "published": "2013-02-18T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=908238", "http://www.nessus.org/u?83207cc1"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64651);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2110\");\n\n script_name(english:\"Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83207cc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-gnutls-2.12.22-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "title": "Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:29:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls"], "cvelist": ["CVE-2013-1619"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "04e735e51115f6a5ca88d8bd8ffe3568c2c46ba32b3dee4279bf992a48f981c3", "hashmap": [{"hash": "0b722b3d37e86728356f0204df47727d", "key": "description"}, {"hash": "5a1d923d1a6dbcf1d1e11d9657878b6c", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6fa2f8b9223e2a26c310474ee2569a9e", "key": "sourceData"}, {"hash": "ad98cd15155e3fcb9004f91f3a5befd6", "key": "href"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "e24b912330e8186d2c202921054d2f9d", "key": "title"}, {"hash": "9934e02f2dcbc6b05a648d23b727456e", "key": "references"}, {"hash": "fdceede9f9de217f4b024c7319d4674b", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "452cd45cff271fe9a314af79f9c946cd", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "1f72477ff44f4d633d1a66eb1da0027b", "key": "cvss"}, {"hash": "b82bdc1879e285e3d80370cdfcd4bd60", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64651", "id": "FEDORA_2013-2110.NASL", "lastseen": "2018-09-01T23:32:51", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "64651", "published": "2013-02-18T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=908238", "http://www.nessus.org/u?83207cc1"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64651);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2110\");\n\n script_name(english:\"Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83207cc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-gnutls-2.12.22-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "title": "Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:32:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls"], "cvelist": ["CVE-2013-1619"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "- Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "04e735e51115f6a5ca88d8bd8ffe3568c2c46ba32b3dee4279bf992a48f981c3", "hashmap": [{"hash": "0b722b3d37e86728356f0204df47727d", "key": "description"}, {"hash": "5a1d923d1a6dbcf1d1e11d9657878b6c", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6fa2f8b9223e2a26c310474ee2569a9e", "key": "sourceData"}, {"hash": "ad98cd15155e3fcb9004f91f3a5befd6", "key": "href"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "e24b912330e8186d2c202921054d2f9d", "key": "title"}, {"hash": "9934e02f2dcbc6b05a648d23b727456e", "key": "references"}, {"hash": "fdceede9f9de217f4b024c7319d4674b", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "452cd45cff271fe9a314af79f9c946cd", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "1f72477ff44f4d633d1a66eb1da0027b", "key": "cvss"}, {"hash": "b82bdc1879e285e3d80370cdfcd4bd60", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64651", "id": "FEDORA_2013-2110.NASL", "lastseen": "2017-10-29T13:33:00", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "64651", "published": "2013-02-18T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=908238", "http://www.nessus.org/u?83207cc1"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64651);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2110\");\n\n script_name(english:\"Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83207cc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-gnutls-2.12.22-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "title": "Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:33:00"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "fdceede9f9de217f4b024c7319d4674b"}, {"key": "cvelist", "hash": "5a1d923d1a6dbcf1d1e11d9657878b6c"}, {"key": "cvss", "hash": "1f72477ff44f4d633d1a66eb1da0027b"}, {"key": "description", "hash": "75669ff31496dfb16f2843f91ac7dcfc"}, {"key": "href", "hash": "ad98cd15155e3fcb9004f91f3a5befd6"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "b82bdc1879e285e3d80370cdfcd4bd60"}, {"key": "published", "hash": "452cd45cff271fe9a314af79f9c946cd"}, {"key": "references", "hash": "9934e02f2dcbc6b05a648d23b727456e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "6fa2f8b9223e2a26c310474ee2569a9e"}, {"key": "title", "hash": "e24b912330e8186d2c202921054d2f9d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ce54d00cf117652441c40234b485edc1a9bdb4a2fb5f1cc64eb52a21eb7f081d", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2110.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64651);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2110\");\n\n script_name(english:\"Fedora 18 : mingw-gnutls-2.12.22-1.fc18 (2013-2110)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.12.22.\n\n - Applied patches for CVE-2013-1619.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83207cc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mingw-gnutls-2.12.22-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "64651", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls"]}

{"cve": [{"lastseen": "2016-09-03T18:11:45", "references": ["http://www.ubuntu.com/usn/USN-1752-1", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0", "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1", "http://openwall.com/lists/oss-security/2013/02/05/24", "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html", "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198", "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html", "http://rhn.redhat.com/errata/RHSA-2013-0588.html"], "edition": 1, "description": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.", "reporter": "NVD", "published": "2013-02-08T14:55:01", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2013-1619", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-1619"], "scanner": [], "modified": "2014-03-26T00:46:17", "cpe": ["cpe:/a:gnu:gnutls:2.1.3", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:gnutls:2.2.0", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:3.0.18", "cpe:/a:gnu:gnutls:2.1.7", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.1.5", "cpe:/a:gnu:gnutls:2.1.2", "cpe:/a:gnu:gnutls:2.3.9", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:3.1.2", "cpe:/a:gnu:gnutls:2.5.0", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:3.1.0", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:2.3.5", "cpe:/a:gnu:gnutls:2.1.4", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:2.0.0", "cpe:/a:gnu:gnutls:2.3.7", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.0.3", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.12.6.1", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:3.1.4", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:2.2.3", "cpe:/a:gnu:gnutls:3.0.26", "cpe:/a:gnu:gnutls:2.3.1", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:3.0.15", "cpe:/a:gnu:gnutls:2.12.17", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:2.3.0", "cpe:/a:gnu:gnutls:2.3.3", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:gnutls:2.12.22", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:gnutls:2.3.10", "cpe:/a:gnu:gnutls:3.1.3", "cpe:/a:gnu:gnutls:2.7.4", "cpe:/a:gnu:gnutls:3.0.21", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:2.12.19", "cpe:/a:gnu:gnutls:2.1.8", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:gnutls:3.0.16", "cpe:/a:gnu:gnutls:2.12.16", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:gnutls:2.12.18", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:gnutls:3.0.22", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:gnutls:2.0.1", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:3.0.17", "cpe:/a:gnu:gnutls:2.3.6", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:3.1.6", "cpe:/a:gnu:gnutls:2.3.11", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:gnutls:3.0.25", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:gnutls:2.3.4", "cpe:/a:gnu:gnutls:3.1.5", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:2.0.4", "cpe:/a:gnu:gnutls:3.0.20", "cpe:/a:gnu:gnutls:2.1.6", "cpe:/a:gnu:gnutls:2.2.2", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:2.0.2", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:gnutls:3.0.27", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:gnutls:3.1.1", "cpe:/a:gnu:gnutls:2.1.0", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:gnutls:2.12.21", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:2.1.1", "cpe:/a:gnu:gnutls:2.12.20", "cpe:/a:gnu:gnutls:2.3.8", "cpe:/a:gnu:gnutls:2.2.1", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:gnutls:3.0.23", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:gnutls:3.0.19", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:gnutls:3.0.24", "cpe:/a:gnu:gnutls:2.3.2", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:2.12.15"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1619", "id": "CVE-2013-1619", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2016-11-09T00:10:02", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "reporter": "f5", "published": "2014-10-23T00:00:00", "title": "SOL15721 - GnuTLS vulnerability CVE-2013-1619", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-0169", "CVE-2013-1619"], "modified": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15721.html", "id": "SOL15721", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-09-01T23:58:00", "references": ["2013:0588", "http://lists.centos.org/pipermail/centos-announce/2013-March/019262.html"], "pluginID": "1361412562310881624", "description": "Check for the Version of gnutls", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-08T00:00:00", "title": "CentOS Update for gnutls CESA-2013:0588 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0588 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that GnuTLS leaked timing information when decrypting\n TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\n A remote attacker could possibly use this flaw to retrieve plain text from\n the encrypted packets by using a TLS/SSL server as a padding oracle.\n (CVE-2013-1619)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted,\n or the system rebooted.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"gnutls on CentOS 5\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019262.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881624\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:20:18 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:0588\");\n script_name(\"CentOS Update for gnutls CESA-2013:0588 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:57:44", "references": ["2013-2128", "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098851.html"], "pluginID": "1361412562310865360", "description": "Check for the Version of mingw-gnutls", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-18T00:00:00", "title": "Fedora Update for mingw-gnutls FEDORA-2013-2128", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310865360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-2128\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 17\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098851.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865360\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-18 11:11:02 +0530 (Mon, 18 Feb 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2128\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-2128\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.20~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-24T11:09:31", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100059.html", "2013-2984"], "pluginID": "865462", "description": "Check for the Version of libtasn1", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-15T00:00:00", "title": "Fedora Update for libtasn1 FEDORA-2013-2984", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865462", "id": "OPENVAS:865462", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2013-2984\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"libtasn1 on Fedora 17\";\ntag_insight = \"This is the ASN.1 library used in GNUTLS. More up to date information can\n be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100059.html\");\n script_id(865462);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:49:28 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2984\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2013-2984\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:51:19", "references": ["https://www.redhat.com/archives/rhsa-announce/2013-March/msg00002.html", "2013:0588-01"], "pluginID": "870945", "description": "Check for the Version of gnutls", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-05T00:00:00", "title": "RedHat Update for gnutls RHSA-2013:0588-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870945", "id": "OPENVAS:870945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2013:0588-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that GnuTLS leaked timing information when decrypting\n TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\n A remote attacker could possibly use this flaw to retrieve plain text from\n the encrypted packets by using a TLS/SSL server as a padding oracle.\n (CVE-2013-1619)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted,\n or the system rebooted.\";\n\n\ntag_affected = \"gnutls on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00002.html\");\n script_id(870945);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:42:44 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0588-01\");\n script_name(\"RedHat Update for gnutls RHSA-2013:0588-01\");\n\n script_summary(\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~10.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~10.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:51:39", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html", "2013-2110"], "pluginID": "865362", "description": "Check for the Version of mingw-gnutls", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-18T00:00:00", "title": "Fedora Update for mingw-gnutls FEDORA-2013-2110", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865362", "id": "OPENVAS:865362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-2110\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 18\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098837.html\");\n script_id(865362);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-18 11:11:54 +0530 (Mon, 18 Feb 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2110\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-2110\");\n\n script_summary(\"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.22~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-02T14:33:18", "references": ["https://alas.aws.amazon.com/ALAS-2013-172.html"], "pluginID": "1361412562310120556", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2013-172", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-172.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120556\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:31 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2013-172\");\n script_tag(name:\"insight\", value:\"It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619 )\");\n script_tag(name:\"solution\", value:\"Run yum update gnutls to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-172.html\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~10.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~10.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-18T11:09:42", "references": ["2013:0588", "http://lists.centos.org/pipermail/centos-announce/2013-March/019262.html"], "pluginID": "881624", "description": "Check for the Version of gnutls", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Update for gnutls CESA-2013:0588 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881624", "id": "OPENVAS:881624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0588 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that GnuTLS leaked timing information when decrypting\n TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\n A remote attacker could possibly use this flaw to retrieve plain text from\n the encrypted packets by using a TLS/SSL server as a padding oracle.\n (CVE-2013-1619)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted,\n or the system rebooted.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"gnutls on CentOS 5\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019262.html\");\n script_id(881624);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:20:18 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:0588\");\n script_name(\"CentOS Update for gnutls CESA-2013:0588 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:39", "references": ["2013:0588", "http://lists.centos.org/pipermail/centos-announce/2013-March/019620.html"], "pluginID": "1361412562310881676", "description": "Check for the Version of gnutls", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-12T00:00:00", "title": "CentOS Update for gnutls CESA-2013:0588 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881676", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0588 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that GnuTLS leaked timing information when decrypting\n TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\n A remote attacker could possibly use this flaw to retrieve plain text from\n the encrypted packets by using a TLS/SSL server as a padding oracle.\n (CVE-2013-1619)\n \n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted,\n or the system rebooted.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"gnutls on CentOS 6\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019620.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881676\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:22 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:0588\");\n script_name(\"CentOS Update for gnutls CESA-2013:0588 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~10.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:12", "references": ["2013-3453", "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100102.html"], "pluginID": "1361412562310865452", "description": "Check for the Version of mingw-gnutls", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-15T00:00:00", "title": "Fedora Update for mingw-gnutls FEDORA-2013-3453", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310865452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865452", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-3453\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 18\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100102.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865452\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:48:39 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-3453\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-3453\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:38", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100122.html", "2013-3438"], "pluginID": "1361412562310865466", "description": "Check for the Version of mingw-gnutls", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-15T00:00:00", "title": "Fedora Update for mingw-gnutls FEDORA-2013-3438", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310865466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-3438\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 17\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100122.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865466\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:49:36 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-3438\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-3438\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:15:47", "references": ["http://www.nessus.org/u?6c638edf"], "pluginID": "65019", "description": "It was discovered that GnuTLS leaked timing information when\ndecrypting TLS/SSL protocol encrypted records when CBC-mode cipher\nsuites were used. A remote attacker could possibly use this flaw to\nretrieve plain text from the encrypted packets by using a TLS/SSL\nserver as a padding oracle. (CVE-2013-1619)\n\nFor the update to take effect, all applications linked to the GnuTLS\nlibrary must be restarted, or the system rebooted.", "edition": 6, "reporter": "Tenable", "published": "2013-03-05T00:00:00", "title": "Scientific Linux Security Update : gnutls on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130304_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65019);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-1619\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that GnuTLS leaked timing information when\ndecrypting TLS/SSL protocol encrypted records when CBC-mode cipher\nsuites were used. A remote attacker could possibly use this flaw to\nretrieve plain text from the encrypted packets by using a TLS/SSL\nserver as a padding oracle. (CVE-2013-1619)\n\nFor the update to take effect, all applications linked to the GnuTLS\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1802\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c638edf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-10.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-10.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-10.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-10.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"gnutls-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-debuginfo-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-devel-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-guile-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-utils-2.8.5-10.el6_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:15:52", "references": ["http://www.nessus.org/u?a2a9f239", "http://www.nessus.org/u?6e8e5647", "https://bugzilla.redhat.com/show_bug.cgi?id=908238"], "pluginID": "65234", "description": "Minor security and bugfix update from upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-03-13T00:00:00", "title": "Fedora 17 : gnutls-2.12.23-1.fc17 / libtasn1-2.14-1.fc17 (2013-2984)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:gnutls", "p-cpe:/a:fedoraproject:fedora:libtasn1"], "id": "FEDORA_2013-2984.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65234", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2984.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65234);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:15 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"FEDORA\", value:\"2013-2984\");\n\n script_name(english:\"Fedora 17 : gnutls-2.12.23-1.fc17 / libtasn1-2.14-1.fc17 (2013-2984)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor security and bugfix update from upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=908238\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2a9f239\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100059.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e8e5647\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls and / or libtasn1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"gnutls-2.12.23-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"libtasn1-2.14-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / libtasn1\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:17:07", "references": ["http://www.nessus.org/u?77f2b5f8"], "pluginID": "69519", "description": "New gnutls packages are available for Slackware 14.0, and -current to\nfix a security issue.", "edition": 5, "reporter": "Tenable", "published": "2013-09-02T00:00:00", "title": "Slackware 14.0 / current : gnutls (SSA:2013-242-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2013-09-27T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:gnutls", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2013-242-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-242-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69519);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/09/27 11:01:50 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"SSA\", value:\"2013-242-01\");\n\n script_name(english:\"Slackware 14.0 / current : gnutls (SSA:2013-242-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 14.0, and -current to\nfix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.354993\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77f2b5f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"gnutls\", pkgver:\"3.0.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.0.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnutls\", pkgver:\"3.0.26\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.0.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:00", "references": [], "pluginID": "66054", "description": "Nadhem Alfardan and Kenny Paterson devised an attack that recovers\nsome bits of the plaintext of a GnuTLS session that utilizes that CBC\nciphersuites, by using timing information (CVE-2013-1619).\n\nThe gnutls package has been updated to latest 3.0.28 version to fix\nabove problem.", "edition": 6, "reporter": "Tenable", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : gnutls (MDVSA-2013:040)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:libtasn1-tools", "p-cpe:/a:mandriva:linux:gnutls", "p-cpe:/a:mandriva:linux:lib64tasn1-devel", "p-cpe:/a:mandriva:linux:lib64gnutls-ssl27", "p-cpe:/a:mandriva:linux:lib64gnutls-devel", "p-cpe:/a:mandriva:linux:lib64gnutls28", "p-cpe:/a:mandriva:linux:lib64tasn1_3"], "id": "MANDRIVA_MDVSA-2013-040.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66054", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:040. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66054);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_xref(name:\"MDVSA\", value:\"2013:040\");\n script_xref(name:\"MGASA\", value:\"2013-0050\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnutls (MDVSA-2013:040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nadhem Alfardan and Kenny Paterson devised an attack that recovers\nsome bits of the plaintext of a GnuTLS session that utilizes that CBC\nciphersuites, by using timing information (CVE-2013-1619).\n\nThe gnutls package has been updated to latest 3.0.28 version to fix\nabove problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-ssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"gnutls-3.0.28-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-3.0.28-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls-ssl27-3.0.28-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls28-3.0.28-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64tasn1-devel-2.14-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64tasn1_3-2.14-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libtasn1-tools-2.14-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:15:46", "references": ["https://usn.ubuntu.com/1752-1/"], "pluginID": "64928", "description": "Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as\nused in GnuTLS was vulnerable to a timing side-channel attack known as\nthe 'Lucky Thirteen' issue. A remote attacker could use this issue to\nperform plaintext-recovery attacks via analysis of timing data.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2013-02-28T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : gnutls13, gnutls26 vulnerability (USN-1752-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libgnutls26", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libgnutls13"], "id": "UBUNTU_USN-1752-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1752-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64928);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"USN\", value:\"1752-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : gnutls13, gnutls26 vulnerability (USN-1752-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as\nused in GnuTLS was vulnerable to a timing side-channel attack known as\nthe 'Lucky Thirteen' issue. A remote attacker could use this issue to\nperform plaintext-recovery attacks via analysis of timing data.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1752-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgnutls13 and / or libgnutls26 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgnutls13\", pkgver:\"2.0.4-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgnutls26\", pkgver:\"2.8.5-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libgnutls26\", pkgver:\"2.10.5-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libgnutls26\", pkgver:\"2.12.14-5ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libgnutls26\", pkgver:\"2.12.14-5ubuntu4.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgnutls13 / libgnutls26\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:18:48", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=802651", "https://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html"], "pluginID": "75001", "description": "Changes in gnutls :\n\n - Fix bug[ bnc#802651] CVE-2013-1619( gnutls): Luck-13\n issue Add patch file: CVE-2013-1619.patch", "edition": 7, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2013:0807-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libgnutls28", "p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls-openssl-devel", "p-cpe:/a:novell:opensuse:libgnutlsxx28", "p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-32bit", "p-cpe:/a:novell:opensuse:libgnutlsxx-devel", "p-cpe:/a:novell:opensuse:libgnutls-openssl27", "p-cpe:/a:novell:opensuse:libgnutls-extra28", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:gnutls-debugsource", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:gnutls-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls-devel-32bit"], "id": "OPENSUSE-2013-428.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-428.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75001);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-1619\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2013:0807-1)\");\n script_summary(english:\"Check for the openSUSE-2013-428 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in gnutls :\n\n - Fix bug[ bnc#802651] CVE-2013-1619( gnutls): Luck-13\n issue Add patch file: CVE-2013-1619.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debuginfo-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debugsource-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-devel-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra-devel-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-debuginfo-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl-devel-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-debuginfo-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-debuginfo-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx-devel-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-debuginfo-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.0.3-5.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"gnutls-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"gnutls-debuginfo-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"gnutls-debugsource-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls-devel-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls-openssl-devel-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls-openssl27-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls-openssl27-debuginfo-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls28-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutls28-debuginfo-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutlsxx-devel-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutlsxx28-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libgnutlsxx28-debuginfo-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.0.20-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.0.20-1.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-debugsource / libgnutls-devel / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:03", "references": ["http://support.novell.com/security/cve/CVE-2013-1619.html"], "pluginID": "66289", "description": "This GnuTLS update fixes incorrect padding which weakens the\nencryption. CVE-2013-1619 has been assigned to this issue.", "edition": 5, "reporter": "Tenable", "published": "2013-05-01T00:00:00", "title": "SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8554)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2013-05-01T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GNUTLS-8554.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66289);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/05/01 10:52:06 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n\n script_name(english:\"SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8554)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This GnuTLS update fixes incorrect padding which weakens the\nencryption. CVE-2013-1619 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8554.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gnutls-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gnutls-devel-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gnutls-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gnutls-devel-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:03", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=802651", "http://support.novell.com/security/cve/CVE-2013-1619.html"], "pluginID": "66287", "description": "This GnuTLS update fixes incorrect padding which weakens the\nencryption. CVE-2013-1619 has been assigned to this issue.", "edition": 5, "reporter": "Tenable", "published": "2013-05-01T00:00:00", "title": "SuSE 11.2 Security Update : GnuTLS (SAT Patch Number 7660)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit", "p-cpe:/a:novell:suse_linux:11:gnutls", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libgnutls-extra26", "p-cpe:/a:novell:suse_linux:11:libgnutls26"], "id": "SUSE_11_GNUTLS-130424.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66287);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:54 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n\n script_name(english:\"SuSE 11.2 Security Update : GnuTLS (SAT Patch Number 7660)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This GnuTLS update fixes incorrect padding which weakens the\nencryption. CVE-2013-1619 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7660.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"gnutls-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"gnutls-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libgnutls-extra26-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libgnutls26-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.39.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.45.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:53", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-March/003328.html", "https://oss.oracle.com/pipermail/el-errata/2013-March/003323.html"], "pluginID": "68769", "description": "From Red Hat Security Advisory 2013:0588 :\n\nUpdated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that GnuTLS leaked timing information when\ndecrypting TLS/SSL protocol encrypted records when CBC-mode cipher\nsuites were used. A remote attacker could possibly use this flaw to\nretrieve plain text from the encrypted packets by using a TLS/SSL\nserver as a padding oracle. (CVE-2013-1619)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the GnuTLS library must be\nrestarted, or the system rebooted.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : gnutls (ELSA-2013-0588)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:gnutls-utils", "p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-guile", "p-cpe:/a:oracle:linux:gnutls-devel"], "id": "ORACLELINUX_ELSA-2013-0588.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0588 and \n# Oracle Linux Security Advisory ELSA-2013-0588 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68769);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736, 57778);\n script_xref(name:\"RHSA\", value:\"2013:0588\");\n\n script_name(english:\"Oracle Linux 5 / 6 : gnutls (ELSA-2013-0588)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0588 :\n\nUpdated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that GnuTLS leaked timing information when\ndecrypting TLS/SSL protocol encrypted records when CBC-mode cipher\nsuites were used. A remote attacker could possibly use this flaw to\nretrieve plain text from the encrypted packets by using a TLS/SSL\nserver as a padding oracle. (CVE-2013-1619)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the GnuTLS library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003323.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003328.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-10.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-10.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-10.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"gnutls-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-devel-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-guile-2.8.5-10.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-utils-2.8.5-10.el6_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-guile / gnutls-utils\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:17:07", "references": ["http://www.nessus.org/u?bbfa43b9"], "pluginID": "69521", "description": "New gnutls packages are available for Slackware 14.0 and -current to\nfix a security issue. Sorry about having to reissue this one -- I\npulled it from ftp.gnu.org not realizing that the latest version there\nwas actually months out of date.", "edition": 5, "reporter": "Tenable", "published": "2013-09-02T00:00:00", "title": "Slackware 14.0 / current : gnutls (SSA:2013-242-03)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619"], "modified": "2013-09-27T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:gnutls", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2013-242-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69521", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-242-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69521);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/09/27 11:01:50 $\");\n\n script_cve_id(\"CVE-2013-1619\");\n script_bugtraq_id(57736);\n script_xref(name:\"SSA\", value:\"2013-242-03\");\n\n script_name(english:\"Slackware 14.0 / current : gnutls (SSA:2013-242-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 14.0 and -current to\nfix a security issue. Sorry about having to reissue this one -- I\npulled it from ftp.gnu.org not realizing that the latest version there\nwas actually months out of date.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.374026\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbfa43b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"gnutls\", pkgver:\"3.0.31\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.0.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnutls\", pkgver:\"3.0.31\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.0.31\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:10", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0588.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "x86_64", "packageFilename": "gnutls-devel-2.8.5-10.9.amzn1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "x86_64", "packageFilename": "gnutls-utils-2.8.5-10.9.amzn1.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.9.amzn1.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "x86_64", "packageFilename": "gnutls-debuginfo-2.8.5-10.9.amzn1.x86_64.rpm", "packageName": "gnutls-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "src", "packageFilename": "gnutls-2.8.5-10.9.amzn1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "x86_64", "packageFilename": "gnutls-2.8.5-10.9.amzn1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "x86_64", "packageFilename": "gnutls-guile-2.8.5-10.9.amzn1.x86_64.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "i686", "packageFilename": "gnutls-debuginfo-2.8.5-10.9.amzn1.i686.rpm", "packageName": "gnutls-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.9.amzn1.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.9.amzn1.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.9.amzn1", "arch": "i686", "packageFilename": "gnutls-utils-2.8.5-10.9.amzn1.i686.rpm", "packageName": "gnutls-utils", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. ([CVE-2013-1619 __](<https://access.redhat.com/security/cve/CVE-2013-1619>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-guile-2.8.5-10.9.amzn1.i686 \n gnutls-2.8.5-10.9.amzn1.i686 \n gnutls-debuginfo-2.8.5-10.9.amzn1.i686 \n gnutls-utils-2.8.5-10.9.amzn1.i686 \n gnutls-devel-2.8.5-10.9.amzn1.i686 \n \n src: \n gnutls-2.8.5-10.9.amzn1.src \n \n x86_64: \n gnutls-utils-2.8.5-10.9.amzn1.x86_64 \n gnutls-2.8.5-10.9.amzn1.x86_64 \n gnutls-devel-2.8.5-10.9.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-10.9.amzn1.x86_64 \n gnutls-guile-2.8.5-10.9.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:41:00", "title": "Medium: gnutls", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:10", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2014-09-15T22:41:00", "id": "ALAS-2013-172", "href": "https://alas.aws.amazon.com/ALAS-2013-172.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-02T16:55:11", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0883.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "x86_64", "packageFilename": "gnutls-utils-2.8.5-10.10.amzn1.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "src", "packageFilename": "gnutls-2.8.5-10.10.amzn1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "x86_64", "packageFilename": "gnutls-devel-2.8.5-10.10.amzn1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.10.amzn1.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "i686", "packageFilename": "gnutls-utils-2.8.5-10.10.amzn1.i686.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "x86_64", "packageFilename": "gnutls-2.8.5-10.10.amzn1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.10.amzn1.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "i686", "packageFilename": "gnutls-debuginfo-2.8.5-10.10.amzn1.i686.rpm", "packageName": "gnutls-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.10.amzn1.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "x86_64", "packageFilename": "gnutls-debuginfo-2.8.5-10.10.amzn1.x86_64.rpm", "packageName": "gnutls-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.8.5-10.10.amzn1", "arch": "x86_64", "packageFilename": "gnutls-guile-2.8.5-10.10.amzn1.x86_64.rpm", "packageName": "gnutls-guile", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was discovered that the fix for the [CVE-2013-1619 __](<https://access.redhat.com/security/cve/CVE-2013-1619>) issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. ([CVE-2013-2116 __](<https://access.redhat.com/security/cve/CVE-2013-2116>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-debuginfo-2.8.5-10.10.amzn1.i686 \n gnutls-devel-2.8.5-10.10.amzn1.i686 \n gnutls-2.8.5-10.10.amzn1.i686 \n gnutls-utils-2.8.5-10.10.amzn1.i686 \n gnutls-guile-2.8.5-10.10.amzn1.i686 \n \n src: \n gnutls-2.8.5-10.10.amzn1.src \n \n x86_64: \n gnutls-2.8.5-10.10.amzn1.x86_64 \n gnutls-utils-2.8.5-10.10.amzn1.x86_64 \n gnutls-guile-2.8.5-10.10.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-10.10.amzn1.x86_64 \n gnutls-devel-2.8.5-10.10.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T23:08:00", "title": "Important: gnutls", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:11", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2014-09-15T23:08:00", "id": "ALAS-2013-197", "href": "https://alas.aws.amazon.com/ALAS-2013-197.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:06", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "3.0.31", "arch": "i486", "packageFilename": "gnutls-3.0.31-i486-1_slack14.0.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "3.0.31", "arch": "x86_64", "packageFilename": "gnutls-3.0.31-x86_64-1_slack14.0.txz", "packageName": "gnutls", "operator": "lt"}], "description": "New gnutls packages are available for Slackware 14.0 and -current to fix a\nsecurity issue.\n\nSorry about having to reissue this one -- I pulled it from ftp.gnu.org not\nrealizing that the latest version there was actually months out of date.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/gnutls-3.0.31-i486-1_slack14.0.txz: Upgraded.\n [Updated to the correct version to fix fetching the &quot;latest&quot; from gnu.org]\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.0.31-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.0.31-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.0.31-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.0.31-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\ndeffffdf6b2a432a11fde60237892407 gnutls-3.0.31-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7c035da64b6f6b981b9479a49944257f gnutls-3.0.31-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n66c5b3d438a7833f5ff1266c2f11a816 n/gnutls-3.0.31-i486-1.txz\n\nSlackware x86_64 -current package:\nf09cf7bd0ab4f89212ab10aaef495fa1 n/gnutls-3.0.31-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-3.0.31-i486-1_slack14.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2013-08-30T13:25:45", "title": "gnutls", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2013-08-30T13:25:45", "id": "SSA-2013-242-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.374026", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T02:37:10", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "3.0.26", "arch": "x86_64", "packageFilename": "gnutls-3.0.26-x86_64-1_slack14.0.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "3.0.26", "arch": "i486", "packageFilename": "gnutls-3.0.26-i486-1_slack14.0.txz", "packageName": "gnutls", "operator": "lt"}], "description": "New gnutls packages are available for Slackware 14.0, and -current to fix a\nsecurity issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/gnutls-3.0.26-i486-1_slack14.0.txz: Upgraded.\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.0.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.0.26-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.0.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nb4871658060b56ee03e2d04a9d5b96e4 gnutls-3.0.26-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n976ca3bf65238d75a027cb2203cf9612 gnutls-3.0.26-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n16e99934d07c8aab09016e0cb2c6cfa1 n/gnutls-3.0.26-i486-1.txz\n\nSlackware x86_64 -current package:\ndffa995fb8369f1c7afd7342dd31697e n/gnutls-3.0.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-3.0.26-i486-1_slack14.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2013-08-30T00:46:14", "title": "gnutls", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2013-08-30T00:46:14", "id": "SSA-2013-242-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.354993", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T02:36:49", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.8.4", "arch": "x86_64", "packageFilename": "gnutls-2.8.4-x86_64-2_slack13.0.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.8.4", "arch": "i486", "packageFilename": "gnutls-2.8.4-i486-2_slack12.1.tgz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.8.6", "arch": "i486", "packageFilename": "gnutls-2.8.6-i486-2_slack13.1.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.8.4", "arch": "i486", "packageFilename": "gnutls-2.8.4-i486-2_slack12.2.tgz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.10.5", "arch": "x86_64", "packageFilename": "gnutls-2.10.5-x86_64-2_slack13.37.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.8.6", "arch": "x86_64", "packageFilename": "gnutls-2.8.6-x86_64-2_slack13.1.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.8.4", "arch": "i486", "packageFilename": "gnutls-2.8.4-i486-2_slack13.0.txz", "packageName": "gnutls", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.10.5", "arch": "i486", "packageFilename": "gnutls-2.10.5-i486-2_slack13.37.txz", "packageName": "gnutls", "operator": "lt"}], "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\nand 13.37 to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/gnutls-2.10.5-i486-2_slack13.37.txz: Rebuilt.\n [Updated to the correct version to fix fetching the &quot;latest&quot; from gnu.org]\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n Other minor security issues are patched as well.\n Thanks to mancha for backporting these patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.8.4-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnutls-2.8.4-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb1befa86737a2451146dd108eb58b9a9 gnutls-2.8.4-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\n7ea0f267149d76ccdcca1206027e664f gnutls-2.8.4-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\n2c102969a15b8a66e79ec4d07821faf7 gnutls-2.8.4-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n501b5709da4ff494a3ecdfee74187281 gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\na7d101cd7fc47cf9e4e0f15406ca29fd gnutls-2.8.6-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n65a234fe93b46c7ea29799ffc3e4f25e gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\n9cf8770560e17d1d57267cb05bf3badd gnutls-2.10.5-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n349f7f77e29612b679522a4a199c03fa gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.10.5-i486-2_slack13.37.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2013-10-14T17:18:30", "title": "gnutls", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2013-1619", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "modified": "2013-10-14T17:18:30", "id": "SSA-2013-287-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageName": "gnutls-debuginfo", "packageFilename": "gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm", "operator": "lt"}], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\nA remote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted,\nor the system rebooted.\n", "reporter": "RedHat", "published": "2013-03-04T05:00:00", "type": "redhat", "title": "(RHSA-2013:0588) Moderate: gnutls security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:31", "id": "RHSA-2013:0588", "href": "https://access.redhat.com/errata/RHSA-2013:0588", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:40:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls-debuginfo", "packageFilename": "gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n", "reporter": "RedHat", "published": "2013-05-30T04:00:00", "type": "redhat", "title": "(RHSA-2013:0883) Important: gnutls security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:23", "id": "RHSA-2013:0883", "href": "https://access.redhat.com/errata/RHSA-2013:0883", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:43:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130306.2.el6_4", "arch": "noarch", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130306.2.el6_4.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-0292 (dbus-glib issue)\n\nCVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)\n\nCVE-2013-0338 (libxml2 issue)\n\nThis update contains the builds from the following errata:\n\novirt-node: RHBA-2013:0634\n https://rhn.redhat.com/errata/RHBA-2013-0634.html\nkernel: RHSA-2013:0630\n https://rhn.redhat.com/errata/RHSA-2013-0630.html\ndbus-glib: RHSA-2013:0568\n https://rhn.redhat.com/errata/RHSA-2013-0568.html\nlibcgroup: RHBA-2013:0560\n https://rhn.redhat.com/errata/RHBA-2013-0560.html\nvdsm: RHBA-2013:0635\n https://rhn.redhat.com/errata/RHBA-2013-0635.html\nselinux-policy: RHBA-2013:0618\n https://rhn.redhat.com/errata/RHBA-2013-0618.html\nqemu-kvm-rhev: RHSA-2013:0610\n https://rhn.redhat.com/errata/RHSA-2013-0610.html\nglusterfs: RHBA-2013:0620\n https://rhn.redhat.com/errata/RHBA-2013-0620.html\ngnutls: RHSA-2013:0588\n https://rhn.redhat.com/errata/RHSA-2013-0588.html\nipmitool: RHBA-2013:0572\n https://rhn.redhat.com/errata/RHBA-2013-0572.html\nlibxml2: RHSA-2013:0581\n https://rhn.redhat.com/errata/RHSA-2013-0581.html\nopenldap: RHBA-2013:0598\n https://rhn.redhat.com/errata/RHBA-2013-0598.html\nopenssl: RHSA-2013:0587\n https://rhn.redhat.com/errata/RHSA-2013-0587.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2013-03-13T04:00:00", "type": "redhat", "title": "(RHSA-2013:0636) Important: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-4929", "CVE-2012-6075", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0292", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-1619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:36", "id": "RHSA-2013:0636", "href": "https://access.redhat.com/errata/RHSA-2013:0636", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:31", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130709.0.el6_4", "arch": "noarch", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130709.0.el6_4.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-2174 (curl issue)\n\nCVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634,\nCVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nand CVE-2013-3301 (kernel issues)\n\nCVE-2002-2443 (krb5 issue)\n\nCVE-2013-1950 (libtirpc issue)\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state. \n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: RHBA-2013:1077\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "reporter": "RedHat", "published": "2013-07-16T04:00:00", "type": "redhat", "title": "(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2002-2443", "CVE-2012-6548", "CVE-2013-0914", "CVE-2013-1619", "CVE-2013-1848", "CVE-2013-1950", "CVE-2013-2116", "CVE-2013-2128", "CVE-2013-2174", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-2852", "CVE-2013-3222", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3301"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:39", "id": "RHSA-2013:1076", "href": "https://access.redhat.com/errata/RHSA-2013:1076", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2018-04-04T13:00:21", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0588.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "any", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0588\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\nA remote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted,\nor the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000817.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0588.html", "edition": 4, "reporter": "CentOS Project", "published": "2013-03-04T22:46:23", "title": "gnutls security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2013-03-04T22:46:23", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000817.html", "id": "CESA-2013:0588", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-03T18:24:46", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0883.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageName": "gnutls", "packageFilename": "gnutls-1.4.1-10.el5_9.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "any", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls", "packageFilename": "gnutls-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls", "packageFilename": "gnutls-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "any", "packageName": "gnutls", "packageFilename": "gnutls-1.4.1-10.el5_9.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls-guile", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageName": "gnutls-utils", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageName": "gnutls", "packageFilename": "gnutls-2.8.5-10.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageName": "gnutls-devel", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0883\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/019766.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/019767.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0883.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-05-30T18:50:13", "title": "gnutls security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-05-30T20:28:37", "href": "http://lists.centos.org/pipermail/centos-announce/2013-May/019766.html", "id": "CESA-2013:0883", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:31", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "src", "packageFilename": "gnutls-2.8.5-10.el6_4.1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "src", "packageFilename": "gnutls-2.8.5-10.el6_4.1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.1.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "x86_64", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageFilename": "gnutls-2.8.5-10.el6_4.1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "ia64", "packageFilename": "gnutls-1.4.1-10.el5_9.1.ia64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "x86_64", "packageFilename": "gnutls-1.4.1-10.el5_9.1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.1.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "x86_64", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "ia64", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.1.ia64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.1", "arch": "x86_64", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "i386", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.1.i386.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.1", "arch": "ia64", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.1.ia64.rpm", "packageName": "gnutls-utils", "operator": "lt"}], "description": "[2.8.5-10.1]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 3, "reporter": "Oracle", "published": "2013-03-04T00:00:00", "title": "gnutls security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2013-03-04T00:00:00", "id": "ELSA-2013-0588", "href": "http://linux.oracle.com/errata/ELSA-2013-0588.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:42:29", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "src", "packageFilename": "gnutls-2.8.5-10.el6_4.2.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "src", "packageFilename": "gnutls-2.8.5-10.el6_4.2.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.2.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "ia64", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.ia64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageFilename": "gnutls-1.4.1-10.el5_9.2.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-utils-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "x86_64", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageFilename": "gnutls-2.8.5-10.el6_4.2.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.2.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.2.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "src", "packageFilename": "gnutls-1.4.1-10.el5_9.2.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "x86_64", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "ia64", "packageFilename": "gnutls-1.4.1-10.el5_9.2.ia64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-10.el6_4.2", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-10.el6_4.2.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "ia64", "packageFilename": "gnutls-utils-1.4.1-10.el5_9.2.ia64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-10.el5_9.2", "arch": "i386", "packageFilename": "gnutls-1.4.1-10.el5_9.2.i386.rpm", "packageName": "gnutls", "operator": "lt"}], "description": "[2.8.5-10.2]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)", "edition": 3, "reporter": "Oracle", "published": "2013-05-30T00:00:00", "title": "gnutls security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-05-30T00:00:00", "id": "ELSA-2013-0883", "href": "http://linux.oracle.com/errata/ELSA-2013-0883.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:49", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-guile-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "x86_64", "packageFilename": "gnutls-2.8.5-13.el6_5.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "x86_64", "packageFilename": "gnutls-guile-2.8.5-13.el6_5.x86_64.rpm", "packageName": "gnutls-guile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "x86_64", "packageFilename": "gnutls-utils-2.8.5-13.el6_5.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "x86_64", "packageFilename": "gnutls-devel-2.8.5-13.el6_5.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-devel-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "i686", "packageFilename": "gnutls-utils-2.8.5-13.el6_5.i686.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "src", "packageFilename": "gnutls-2.8.5-13.el6_5.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.8.5-13.el6_5", "arch": "src", "packageFilename": "gnutls-2.8.5-13.el6_5.src.rpm", "packageName": "gnutls", "operator": "lt"}], "description": "[2.8.5-13]\n- fix CVE-2014-0092 (#1069890)\n[2.8.5-12]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)\n[2.8.5-11]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 3, "reporter": "Oracle", "published": "2014-03-03T00:00:00", "title": "gnutls security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2014-0092", "CVE-2013-2116"], "modified": "2014-03-03T00:00:00", "id": "ELSA-2014-0246", "href": "http://linux.oracle.com/errata/ELSA-2014-0246.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:44:47", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "x86_64", "packageFilename": "gnutls-devel-1.4.1-14.el5_10.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "ia64", "packageFilename": "gnutls-devel-1.4.1-14.el5_10.ia64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "x86_64", "packageFilename": "gnutls-1.4.1-14.el5_10.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "ia64", "packageFilename": "gnutls-1.4.1-14.el5_10.ia64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "x86_64", "packageFilename": "gnutls-utils-1.4.1-14.el5_10.x86_64.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-utils-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "src", "packageFilename": "gnutls-1.4.1-14.el5_10.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "src", "packageFilename": "gnutls-1.4.1-14.el5_10.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "src", "packageFilename": "gnutls-1.4.1-14.el5_10.src.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "i386", "packageFilename": "gnutls-devel-1.4.1-14.el5_10.i386.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.1-14.el5_10", "arch": "ia64", "packageFilename": "gnutls-utils-1.4.1-14.el5_10.ia64.rpm", "packageName": "gnutls-utils", "operator": "lt"}], "description": "[1.4.1-14]\n- Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch\n- Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch\n[1.4.1-13]\n- fix issues of CVE-2014-0092 (#1069888)\n[1.4.1-12]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)\n[1.4.1-11]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 4, "reporter": "Oracle", "published": "2014-03-03T00:00:00", "title": "gnutls security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2014-5138", "CVE-2013-2116"], "modified": "2014-03-03T00:00:00", "id": "ELSA-2014-0247", "href": "http://linux.oracle.com/errata/ELSA-2014-0247.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1752-1\r\nFebruary 27, 2013\r\n\r\ngnutls13, gnutls26 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nGnuTLS could be made to expose sensitive information over the network.\r\n\r\nSoftware Description:\r\n- gnutls26: GNU TLS library\r\n- gnutls13: GNU TLS library\r\n\r\nDetails:\r\n\r\nNadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used\r\nin GnuTLS was vulnerable to a timing side-channel attack known as the\r\n&quot;Lucky Thirteen&quot; issue. A remote attacker could use this issue to perform\r\nplaintext-recovery attacks via analysis of timing data.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n libgnutls26 2.12.14-5ubuntu4.2\r\n\r\nUbuntu 12.04 LTS:\r\n libgnutls26 2.12.14-5ubuntu3.2\r\n\r\nUbuntu 11.10:\r\n libgnutls26 2.10.5-1ubuntu3.3\r\n\r\nUbuntu 10.04 LTS:\r\n libgnutls26 2.8.5-2ubuntu0.3\r\n\r\nUbuntu 8.04 LTS:\r\n libgnutls13 2.0.4-1ubuntu2.9\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1752-1\r\n CVE-2013-1619\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.2\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.10.5-1ubuntu3.3\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/gnutls13/2.0.4-1ubuntu2.9\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-03-02T00:00:00", "title": "[USN-1752-1] GnuTLS vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:47", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-1619"], "modified": "2013-03-02T00:00:00", "id": "SECURITYVULNS:DOC:29112", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29112", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:50", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29043", "https://vulners.com/securityvulns/securityvulns:doc:29112"], "description": "Timing attacks, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-03-02T00:00:00", "title": "OpenSSL / PolarSSL / GnuTLS security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "gnutls", "version": "2.12", "operator": "eq"}, {"name": "PolarSSL", "version": "1.2", "operator": "eq"}, {"name": "OpenSSL", "version": "1.0", "operator": "eq"}], "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1619", "CVE-2013-1622", "CVE-2013-1621"], "modified": "2013-03-02T00:00:00", "id": "SECURITYVULNS:VULN:12887", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12887", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:55", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1619"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.10.5-1ubuntu3.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "2.12.14-5ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.12.14-5ubuntu3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.4-1ubuntu2.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgnutls13", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.8.5-2ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgnutls26", "operator": "lt"}], "description": "Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the \u201cLucky Thirteen\u201d issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.", "edition": 3, "reporter": "Ubuntu", "published": "2013-02-27T00:00:00", "title": "GnuTLS vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "modified": "2013-02-27T00:00:00", "id": "USN-1752-1", "href": "https://usn.ubuntu.com/1752-1/", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:35:13", "references": ["https://bugzilla.novell.com/865804"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-debuginfo", "packageFilename": "libgnutls26-debuginfo-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26", "packageFilename": "libgnutls26-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra26-debuginfo", "packageFilename": "libgnutls-extra26-debuginfo-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls-debuginfo", "packageFilename": "gnutls-debuginfo-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls", "packageFilename": "gnutls-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-32bit", "packageFilename": "libgnutls26-32bit-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls", "packageFilename": "gnutls-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra26-debuginfo", "packageFilename": "libgnutls-extra26-debuginfo-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra-devel", "packageFilename": "libgnutls-extra-devel-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls-debuginfo", "packageFilename": "gnutls-debuginfo-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-devel", "packageFilename": "libgnutls-devel-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls-debugsource", "packageFilename": "gnutls-debugsource-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-x86", "packageFilename": "libgnutls26-x86-2.8.6-5.25.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra26", "packageFilename": "libgnutls-extra26-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26", "packageFilename": "libgnutls26-2.8.6-5.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-devel", "packageFilename": "libgnutls-devel-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "gnutls-debugsource", "packageFilename": "gnutls-debugsource-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra26", "packageFilename": "libgnutls-extra26-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-debuginfo-x86", "packageFilename": "libgnutls26-debuginfo-x86-2.8.6-5.25.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls-extra-devel", "packageFilename": "libgnutls-extra-devel-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-debuginfo", "packageFilename": "libgnutls26-debuginfo-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.8.6-5.25.1", "packageName": "libgnutls26-debuginfo-32bit", "packageFilename": "libgnutls26-debuginfo-32bit-2.8.6-5.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The gnutls library was updated to fix SSL certificate\n validation. Remote man-in-the-middle attackers were able to\n make the verification believe that a SSL certificate is\n valid even though it was not. Also the TLS-CBC timing\n attack vulnerability was fixed.\n\n", "edition": 1, "reporter": "Suse", "published": "2014-03-08T19:04:13", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "gnutls (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2014-0092"], "modified": "2014-03-08T19:04:13", "id": "OPENSUSE-SU-2014:0346-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:09:51", "references": ["https://bugzilla.novell.com/835760", "https://bugzilla.novell.com/865993", "https://bugzilla.novell.com/821818", "https://bugzilla.novell.com/760265", "http://download.novell.com/patch/finder/?keywords=356cafe0671e679ac89f61fb768aa876", "https://bugzilla.novell.com/865804", "https://bugzilla.novell.com/802651"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "s390x", "packageFilename": "gnutls-2.4.1-24.39.49.1.s390x.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "i586", "packageFilename": "gnutls-2.4.1-24.39.49.1.i586.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "i586", "packageFilename": "libgnutls26-2.4.1-24.39.49.1.i586.rpm", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "s390x", "packageFilename": "libgnutls26-2.4.1-24.39.49.1.s390x.rpm", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "x86_64", "packageFilename": "gnutls-2.4.1-24.39.49.1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "x86_64", "packageFilename": "libgnutls26-2.4.1-24.39.49.1.x86_64.rpm", "packageName": "libgnutls26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "s390x", "packageFilename": "libgnutls26-32bit-2.4.1-24.39.49.1.s390x.rpm", "packageName": "libgnutls26-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "x86_64", "packageFilename": "libgnutls-extra26-2.4.1-24.39.49.1.x86_64.rpm", "packageName": "libgnutls-extra26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "i586", "packageFilename": "libgnutls-extra26-2.4.1-24.39.49.1.i586.rpm", "packageName": "libgnutls-extra26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "s390x", "packageFilename": "libgnutls-extra26-2.4.1-24.39.49.1.s390x.rpm", "packageName": "libgnutls-extra26", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.4.1-24.39.49.1", "arch": "x86_64", "packageFilename": "libgnutls26-32bit-2.4.1-24.39.49.1.x86_64.rpm", "packageName": "libgnutls26-32bit", "operator": "lt"}], "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: Timing attacks against hashing of\n padding was fixed which might have allowed disclosure of\n keys. (Lucky13 attack).\n\n Also the following non-security bugs have been fixed:\n\n * gnutls doesn't like root CAs without Basic\n Constraints. Permit V1 Certificate Authorities properly\n (bnc#760265)\n * memory leak in PSK authentication (bnc#835760)\n", "edition": 1, "reporter": "Suse", "published": "2014-03-04T01:07:15", "title": "Security update for gnutls (critical)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2013-2116"], "modified": "2014-03-04T01:07:15", "id": "SUSE-SU-2014:0322-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:07:45", "references": ["http://download.suse.com/patch/finder/?keywords=144b31fbd95bc788b66959b55efa4c4d", "https://bugzilla.novell.com/880910", "https://bugzilla.novell.com/554084", "https://bugzilla.novell.com/670152", "https://bugzilla.novell.com/880730", "https://bugzilla.novell.com/802651"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "i586", "packageFilename": "gnutls-1.0.8-26.32.i586.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "x86_64", "packageFilename": "gnutls-1.0.8-26.32.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "x86_64", "packageFilename": "gnutls-devel-1.0.8-26.32.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "s390x", "packageFilename": "gnutls-devel-1.0.8-26.32.s390x.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "s390", "packageFilename": "gnutls-1.0.8-26.32.s390.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "s390", "packageFilename": "gnutls-devel-1.0.8-26.32.s390.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "s390x", "packageFilename": "gnutls-1.0.8-26.32.s390x.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.0.8-26.32", "arch": "i586", "packageFilename": "gnutls-devel-1.0.8-26.32.i586.rpm", "packageName": "gnutls-devel", "operator": "lt"}], "description": "GnuTLS has been patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 have\n been fixed.\n\n Further information is available at\n <a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>&gt;\n\n These security issues have been fixed:\n\n * Possible memory corruption during connect (CVE-2014-3466)\n * Multiple boundary check issues could allow DoS (CVE-2014-3467)\n * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)\n * Possible DoS by NULL pointer dereference (CVE-2014-3469)\n * Possible timing side-channel attack (Lucky 13) (CVE-2013-1619)\n\n One additional bug has been fixed:\n\n * Allow unsafe renegotiation (bnc#554084)\n", "edition": 1, "reporter": "Suse", "published": "2014-06-16T18:04:14", "title": "Security update for GnuTLS (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2014-3466", "CVE-2014-3468", "CVE-2014-3469", "CVE-2014-3467"], "modified": "2014-06-16T18:04:14", "id": "SUSE-SU-2014:0800-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00020.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:38:49", "references": ["https://bugzilla.novell.com/865993", "https://bugzilla.novell.com/821818", "https://bugzilla.novell.com/754223", "https://bugzilla.novell.com/739898", "https://bugzilla.novell.com/554084", "http://download.novell.com/patch/finder/?keywords=3be1f1e8cc06d24d3e6d4ba2c4abdea4", "https://bugzilla.novell.com/753301", "https://bugzilla.novell.com/536809", "https://bugzilla.novell.com/865804", "https://bugzilla.novell.com/802651", "https://bugzilla.novell.com/659128"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-32bit-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-devel-32bit-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "i586", "packageFilename": "gnutls-1.2.10-13.38.1.i586.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "i586", "packageFilename": "gnutls-devel-1.2.10-13.38.1.i586.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-32bit-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-devel-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-devel-32bit-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-devel-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls", "operator": "lt"}], "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: The TLS implementation in GnuTLS did\n not properly consider timing side-channel attacks on a\n noncompliant MAC check operation during the processing of\n malformed CBC padding, which allows remote attackers to\n conduct distinguishing attacks and plaintext-recovery\n attacks via statistical analysis of timing data for crafted\n packets, a related issue to CVE-2013-0169. (Lucky13)\n * CVE-2012-1569: The asn1_get_length_der function in\n decoding.c in GNU Libtasn1 , as used in GnuTLS did not\n properly handle certain large length values, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly have\n unspecified other impact via a crafted ASN.1 structure.\n * CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS\n did not properly handle data encrypted with a block cipher,\n which allowed remote attackers to cause a denial of service\n (heap memory corruption and application crash) via a\n crafted record, as demonstrated by a crafted\n GenericBlockCipher structure.\n * CVE-2012-0390: The DTLS implementation in GnuTLS\n executed certain error-handling code only if there is a\n specific relationship between a padding length and the\n ciphertext size, which made it easier for remote attackers\n to recover partial plaintext via a timing side-channel\n attack, a related issue to CVE-2011-4108.\n\n Also some non security bugs have been fixed:\n\n * Did some more s390x size_t vs int fixes. (bnc#536809,\n bnc#659128)\n * re-enabled &quot;legacy negotiation&quot; (bnc#554084)\n * fix safe-renegotiation for sle10sp3 and sle10sp4 bug\n (bnc#554084)\n * fix bug bnc#536809, fix gnutls-cli to abort\n connection after detecting a bad certificate\n", "edition": 1, "reporter": "Suse", "published": "2014-03-04T01:04:52", "title": "Security update for gnutls (critical)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2013-0169", "CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "modified": "2014-03-04T01:04:52", "id": "SUSE-SU-2014:0320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "references": ["http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "https://bugs.gentoo.org/show_bug.cgi?id=471788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2116", "https://bugs.gentoo.org/show_bug.cgi?id=455560"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.12.23-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/gnutls", "operator": "lt"}], "edition": 1, "description": "### Background\n\nGnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. \n\n### Impact\n\nA remote attacker could sent a specially crafted packet to cause a Denial of Service condition. Additionally, a remote attacker could perform man-in-the-middle attacks to recover plaintext data. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.12.23-r1\"", "reporter": "Gentoo Foundation", "published": "2013-10-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "GnuTLS: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-10-28T00:00:00", "id": "GLSA-201310-18", "href": "https://security.gentoo.org/glsa/201310-18", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}