ID GENTOO_GLSA-201310-18.NASL Type nessus Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc. Modified 2013-10-29T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201310-18
(GnuTLS: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in GnuTLS. Please review
the CVE identifiers and Lucky Thirteen research paper referenced below
for details.
Impact :
A remote attacker could send a specially crafted packet to cause a
Denial of Service condition (CVE-2013-2116). Additionally, a remote attacker could
perform man-in-the-middle attacks to recover plaintext data (CVE-2013-1619).
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201310-18.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is set, the script only declares its
# metadata (IDs, references, report text, scoring, prerequisites) and then
# exits via exit(0) without reaching the package check that follows this block.
# NOTE(review): presumably the scanner sets `description` while it loads plugin
# metadata - confirm against the NASL engine documentation.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(70674);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references: the two CVEs covered by the advisory, their Bugtraq IDs,
# and the Gentoo advisory number itself.
script_cve_id("CVE-2013-1619", "CVE-2013-2116");
script_bugtraq_id(57736, 60215);
script_xref(name:"GLSA", value:"201310-18");
script_name(english:"GLSA-201310-18 : GnuTLS: Multiple vulnerabilities");
# The summary states what is actually inspected: the installed-package
# database, not the behaviour of a running TLS service.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Report body. Per the file header, the descriptive text was extracted from
# the Gentoo advisory; it is a runtime string, so its wording is left as-is.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201310-18
(GnuTLS: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in GnuTLS. Please review
the CVE identifiers and Lucky Thirteen research paper referenced below
for details.
Impact :
A remote attacker could sent a specially crafted packet to cause a
Denial of Service condition. Additionally, a remote attacker could
perform man-in-the-middle attacks to recover plaintext data.
Workaround :
There is no known workaround at this time."
);
# Two separate "see_also" attributes: the research paper URL and the
# advisory page.
script_set_attribute(
attribute:"see_also",
value:"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201310-18"
);
# Remediation text. The lines starting with '#' inside this string are shell
# prompts that belong to the report text, not NASL comments.
script_set_attribute(
attribute:"solution",
value:
"All GnuTLS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.12.23-r1'"
);
# NOTE(review): the base vector scores availability impact only
# (C:N/I:N/A:P), while the description above also mentions plaintext
# recovery. Triage on the CVE list as well as on this single score.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# Exploit metadata is stored as strings; "false" here is the string value,
# not a boolean.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: consistent with the KB keys required below, the result
# depends on host data already collected rather than on a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnutls");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2013/10/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Declared prerequisites: one dependency script and three KB keys.
# NOTE(review): presumably ssh_get_info.nasl is what populates the
# Host/Gentoo/* keys from an authenticated session - confirm. Without working
# credentials the keys are absent and the host gets no finding from this
# plugin, which must not be read as "patched".
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# Metadata is registered; stop here so the check logic is not executed.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Check section: decide from the cached Gentoo package list whether the
# installed net-libs/gnutls is older than the fixed revision, then either
# report a warning or leave an audit trail explaining why nothing was reported.
#
# Limits of this check that matter when reading its result:
#  - It compares package versions only; it does not exercise a TLS endpoint.
#  - A patched package does not prove that running processes use the patched
#    library; vendor advisories for these CVEs state that applications linked
#    to GnuTLS must be restarted for the update to take effect.
#  - NOTE(review): the NVD text for CVE-2013-1619 lists 3.0.x before 3.0.28
#    and 3.1.x before 3.1.7 as affected. Assuming qpkg_check uses plain
#    version ordering (confirm in qpkg.inc), such 3.x installs satisfy
#    "ge 2.12.23-r1" and are not flagged here.

# Preconditions: local checks enabled, host identified as Gentoo, and a
# package list present in the KB. Each failed guard ends the run via audit().
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version ranges taken from the advisory: anything below 2.12.23-r1 is
# vulnerable, 2.12.23-r1 and later is treated as fixed.
gnutls_hit = 0;
if (qpkg_check(
      package:"net-libs/gnutls",
      unaffected:make_list("ge 2.12.23-r1"),
      vulnerable:make_list("lt 2.12.23-r1")))
{
  gnutls_hit = 1;
}

if (gnutls_hit == 0)
{
  # Nothing vulnerable: distinguish "package present but fixed" from
  # "package not installed" in the audit message.
  pkgs_checked = qpkg_tests_get();
  if (pkgs_checked)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, pkgs_checked);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "GnuTLS");
  }
}
else
{
  # Vulnerable package found: attach the package report only when the scan
  # is configured for verbose output.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"id": "GENTOO_GLSA-201310-18.NASL", "bulletinFamily": "scanner", "title": "GLSA-201310-18 : GnuTLS: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201310-18\n(GnuTLS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GnuTLS. Please review\n the CVE identifiers and Lucky Thirteen research paper referenced below\n for details.\n \nImpact :\n\n A remote attacker could sent a specially crafted packet to cause a\n Denial of Service condition. Additionally, a remote attacker could\n perform man-in-the-middle attacks to recover plaintext data.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2013-10-29T00:00:00", "modified": "2013-10-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/70674", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201310-18", "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"], "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "type": "nessus", "lastseen": "2021-01-07T10:55:11", "edition": 21, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2116", "CVE-2013-1619"]}, {"type": "f5", "idList": ["F5:K15637", "SOL15721", "SOL15637"]}, {"type": "gentoo", "idList": ["GLSA-201310-18"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0883", "ELSA-2014-0246", "ELSA-2013-0588", "ELSA-2014-0247"]}, {"type": "redhat", "idList": ["RHSA-2013:0883", "RHSA-2013:0588"]}, {"type": "amazon", "idList": ["ALAS-2013-197", "ALAS-2013-172"]}, {"type": "centos", "idList": ["CESA-2013:0883"]}, {"type": "fedora", "idList": ["FEDORA:2355020C92", "FEDORA:E395C20BB0", "FEDORA:72D6B21519", "FEDORA:687C121573", "FEDORA:6572320913", "FEDORA:8124B2133D", "FEDORA:A99D020B93"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871001", 
"OPENVAS:1361412562310881738", "OPENVAS:1361412562310881742", "OPENVAS:865758", "OPENVAS:871001", "OPENVAS:1361412562310865758", "OPENVAS:881742", "OPENVAS:865809", "OPENVAS:1361412562310865809", "OPENVAS:1361412562310120088"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2013-0883.NASL", "SLACKWARE_SSA_2013-287-03.NASL", "ORACLELINUX_ELSA-2013-0883.NASL", "SOLARIS11_GNUTLS_20130924.NASL", "ALA_ALAS-2013-197.NASL", "SL_20130530_GNUTLS_ON_SL5_X.NASL", "ORACLEVM_OVMSA-2015-0101.NASL", "FEDORA_2013-9792.NASL", "UBUNTU_USN-1843-1.NASL", "CENTOS_RHSA-2013-0883.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1060-2", "SUSE-SU-2013:1060-1", "SUSE-SU-2014:0322-1"]}, {"type": "slackware", "idList": ["SSA-2013-242-01", "SSA-2013-287-03", "SSA-2013-242-03"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2697-1:60A8F"]}, {"type": "ubuntu", "idList": ["USN-1843-1", "USN-1752-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13101", "SECURITYVULNS:DOC:29438", "SECURITYVULNS:DOC:29112"]}], "modified": "2021-01-07T10:55:11", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-07T10:55:11", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201310-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70674);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\");\n script_bugtraq_id(57736, 60215);\n script_xref(name:\"GLSA\", value:\"201310-18\");\n\n script_name(english:\"GLSA-201310-18 : GnuTLS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201310-18\n(GnuTLS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GnuTLS. Please review\n the CVE identifiers and Lucky Thirteen research paper referenced below\n for details.\n \nImpact :\n\n A remote attacker could sent a specially crafted packet to cause a\n Denial of Service condition. 
Additionally, a remote attacker could\n perform man-in-the-middle attacks to recover plaintext data.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201310-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GnuTLS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.12.23-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/gnutls\", unaffected:make_list(\"ge 2.12.23-r1\"), vulnerable:make_list(\"lt 2.12.23-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GnuTLS\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "70674", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gnutls"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:06:50", "description": "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.", "edition": 4, "cvss3": {}, "published": "2013-07-03T18:55:00", "title": "CVE-2013-2116", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2116"], "modified": "2014-03-26T04:47:00", "cpe": ["cpe:/a:gnu:gnutls:2.12.23"], "id": "CVE-2013-2116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:2.12.23:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:49", "description": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.", "edition": 4, "cvss3": {}, "published": "2013-02-08T19:55:00", "title": "CVE-2013-1619", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1619"], "modified": "2014-03-26T04:46:00", "cpe": ["cpe:/a:gnu:gnutls:2.1.3", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:gnutls:2.2.0", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:3.0.18", "cpe:/a:gnu:gnutls:2.1.7", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.1.5", "cpe:/a:gnu:gnutls:2.1.2", "cpe:/a:gnu:gnutls:2.3.9", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:3.1.2", "cpe:/a:gnu:gnutls:2.5.0", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:3.1.0", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:2.3.5", "cpe:/a:gnu:gnutls:2.1.4", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:2.0.0", "cpe:/a:gnu:gnutls:2.3.7", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.0.3", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.12.6.1", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:3.1.4", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:2.2.3", "cpe:/a:gnu:gnutls:3.0.26", "cpe:/a:gnu:gnutls:2.3.1", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:3.0.15", "cpe:/a:gnu:gnutls:2.12.17", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:2.3.0", "cpe:/a:gnu:gnutls:2.3.3", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:gnutls:2.12.22", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:gnutls:2.3.10", "cpe:/a:gnu:gnutls:3.1.3", "cpe:/a:gnu:gnutls:2.7.4", "cpe:/a:gnu:gnutls:3.0.21", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:2.12.19", "cpe:/a:gnu:gnutls:2.1.8", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:gnutls:3.0.16", 
"cpe:/a:gnu:gnutls:2.12.16", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:gnutls:2.12.18", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:gnutls:3.0.22", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:gnutls:2.0.1", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:3.0.17", "cpe:/a:gnu:gnutls:2.3.6", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:3.1.6", "cpe:/a:gnu:gnutls:2.3.11", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:gnutls:3.0.25", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:gnutls:2.3.4", "cpe:/a:gnu:gnutls:3.1.5", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:2.0.4", "cpe:/a:gnu:gnutls:3.0.20", "cpe:/a:gnu:gnutls:2.1.6", "cpe:/a:gnu:gnutls:2.2.2", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:2.0.2", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:gnutls:3.0.27", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:gnutls:3.1.1", "cpe:/a:gnu:gnutls:2.1.0", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:gnutls:2.12.21", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:2.1.1", "cpe:/a:gnu:gnutls:2.12.20", "cpe:/a:gnu:gnutls:2.3.8", "cpe:/a:gnu:gnutls:2.2.1", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:gnutls:3.0.23", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:gnutls:3.0.19", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:gnutls:3.0.24", "cpe:/a:gnu:gnutls:2.3.2", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:2.12.15"], "id": "CVE-2013-1619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1619", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-10-12T02:11:18", "bulletinFamily": "software", "cvelist": ["CVE-2013-0169", "CVE-2013-2116"], "edition": 1, "description": " \n\n\nThe _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. ([CVE-2013-2116](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2116>)) \n\n\nImpact \n\n\nNone. No F5 products are affected by this vulnerability. \n\n\n**Note**: F5 Product Development has determined that BIG-IP, BIG-IQ, and Enterprise Manager versions ship with vulnerable GnuTLS code. 
However, the vulnerable code is not used as a server or to make outgoing connections, and is not exploitable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-10-06T23:13:00", "href": "https://support.f5.com/csp/article/K15637", "id": "F5:K15637", "title": "GnuTLS vulnerability CVE-2013-2116", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2013-0169", "CVE-2013-2116"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-16T00:00:00", "published": "2014-10-06T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15637.html", "id": "SOL15637", "title": "SOL15637 - GnuTLS vulnerability CVE-2013-2116", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2013-0169", "CVE-2013-1619"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view 
new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-23T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15721.html", "id": "SOL15721", "title": "SOL15721 - GnuTLS vulnerability CVE-2013-1619", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "edition": 1, "description": "### Background\n\nGnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. \n\n### Impact\n\nA remote attacker could sent a specially crafted packet to cause a Denial of Service condition. Additionally, a remote attacker could perform man-in-the-middle attacks to recover plaintext data. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.12.23-r1\"", "modified": "2013-10-28T00:00:00", "published": "2013-10-28T00:00:00", "id": "GLSA-201310-18", "href": "https://security.gentoo.org/glsa/201310-18", "type": "gentoo", "title": "GnuTLS: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "[2.8.5-10.2]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)", "edition": 4, "modified": "2013-05-30T00:00:00", "published": "2013-05-30T00:00:00", "id": "ELSA-2013-0883", "href": "http://linux.oracle.com/errata/ELSA-2013-0883.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2014-0092", "CVE-2013-2116"], "description": "[2.8.5-13]\n- fix CVE-2014-0092 (#1069890)\n[2.8.5-12]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)\n[2.8.5-11]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 4, "modified": "2014-03-03T00:00:00", "published": "2014-03-03T00:00:00", "id": "ELSA-2014-0246", "href": "http://linux.oracle.com/errata/ELSA-2014-0246.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2014-5138", "CVE-2013-2116"], "description": "[1.4.1-14]\n- Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch\n- Renamed 
gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch\n[1.4.1-13]\n- fix issues of CVE-2014-0092 (#1069888)\n[1.4.1-12]\n- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619\n upstream patch (#966754)\n[1.4.1-11]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 5, "modified": "2014-03-03T00:00:00", "published": "2014-03-03T00:00:00", "id": "ELSA-2014-0247", "href": "http://linux.oracle.com/errata/ELSA-2014-0247.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "[2.8.5-10.1]\n- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 4, "modified": "2013-03-04T00:00:00", "published": "2013-03-04T00:00:00", "id": "ELSA-2013-0588", "href": "http://linux.oracle.com/errata/ELSA-2013-0588.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. 
For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n", "modified": "2018-06-06T20:24:23", "published": "2013-05-30T04:00:00", "id": "RHSA-2013:0883", "href": "https://access.redhat.com/errata/RHSA-2013:0883", "type": "redhat", "title": "(RHSA-2013:0883) Important: gnutls security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used.\nA remote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted,\nor the system rebooted.\n", "modified": "2018-06-06T20:24:31", "published": "2013-03-04T05:00:00", "id": "RHSA-2013:0588", "href": "https://access.redhat.com/errata/RHSA-2013:0588", "type": "redhat", "title": "(RHSA-2013:0588) Moderate: gnutls security update", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "**Issue Overview:**\n\nIt was discovered that the fix for the [CVE-2013-1619 __](<https://access.redhat.com/security/cve/CVE-2013-1619>) issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. 
([CVE-2013-2116 __](<https://access.redhat.com/security/cve/CVE-2013-2116>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-debuginfo-2.8.5-10.10.amzn1.i686 \n gnutls-devel-2.8.5-10.10.amzn1.i686 \n gnutls-2.8.5-10.10.amzn1.i686 \n gnutls-utils-2.8.5-10.10.amzn1.i686 \n gnutls-guile-2.8.5-10.10.amzn1.i686 \n \n src: \n gnutls-2.8.5-10.10.amzn1.src \n \n x86_64: \n gnutls-2.8.5-10.10.amzn1.x86_64 \n gnutls-utils-2.8.5-10.10.amzn1.x86_64 \n gnutls-guile-2.8.5-10.10.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-10.10.amzn1.x86_64 \n gnutls-devel-2.8.5-10.10.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-06-11T22:44:00", "published": "2013-06-11T22:44:00", "id": "ALAS-2013-197", "href": "https://alas.aws.amazon.com/ALAS-2013-197.html", "title": "Important: gnutls", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:35:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "**Issue Overview:**\n\nIt was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. 
([CVE-2013-1619 __](<https://access.redhat.com/security/cve/CVE-2013-1619>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-guile-2.8.5-10.9.amzn1.i686 \n gnutls-2.8.5-10.9.amzn1.i686 \n gnutls-debuginfo-2.8.5-10.9.amzn1.i686 \n gnutls-utils-2.8.5-10.9.amzn1.i686 \n gnutls-devel-2.8.5-10.9.amzn1.i686 \n \n src: \n gnutls-2.8.5-10.9.amzn1.src \n \n x86_64: \n gnutls-utils-2.8.5-10.9.amzn1.x86_64 \n gnutls-2.8.5-10.9.amzn1.x86_64 \n gnutls-devel-2.8.5-10.9.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-10.9.amzn1.x86_64 \n gnutls-guile-2.8.5-10.9.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-03-14T22:04:00", "published": "2013-03-14T22:04:00", "id": "ALAS-2013-172", "href": "https://alas.aws.amazon.com/ALAS-2013-172.html", "title": "Medium: gnutls", "type": "amazon", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:25:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0883\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. 
For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/031804.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/031805.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0883.html", "edition": 3, "modified": "2013-05-30T20:28:37", "published": "2013-05-30T18:50:13", "href": "http://lists.centos.org/pipermail/centos-announce/2013-May/031804.html", "id": "CESA-2013:0883", "title": "gnutls security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2013-06-11T09:01:09", "published": "2013-06-11T09:01:09", "id": "FEDORA:E395C20BB0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.23-2.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2013-06-11T09:10:43", "published": "2013-06-11T09:10:43", "id": "FEDORA:2355020C92", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.23-2.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. 
Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. ", "modified": "2013-06-11T09:19:26", "published": "2013-06-11T09:19:26", "id": "FEDORA:72D6B21519", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: gnutls-2.12.23-2.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. ", "modified": "2013-06-11T09:08:17", "published": "2013-06-11T09:08:17", "id": "FEDORA:A99D020B93", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: gnutls-2.12.23-2.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2013-02-17T03:26:31", "published": "2013-02-17T03:26:31", "id": "FEDORA:65769212E7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.22-1.fc18", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2013-02-17T03:31:06", "published": "2013-02-17T03:31:06", "id": "FEDORA:8124B2133D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.20-1.fc17", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "GnuTLS TLS/SSL encryption library. 
This library is cross-compiled for MinGW. ", "modified": "2013-03-14T03:06:46", "published": "2013-03-14T03:06:46", "id": "FEDORA:323B5217E8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.23-1.fc17", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. ", "modified": "2013-03-12T23:33:08", "published": "2013-03-12T23:33:08", "id": "FEDORA:6572320913", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: gnutls-2.12.23-1.fc17", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2013-03-14T02:58:28", "published": "2013-03-14T02:58:28", "id": "FEDORA:687C121573", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.23-1.fc18", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-17T13:47:37", "description": "It was discovered that the fix for the CVE-2013-1619 issue released\nvia SLSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. 
(CVE-2013-2116)\n\nFor the update to take effect, all applications linked to the GnuTLS\nlibrary must be restarted.", "edition": 14, "published": "2013-05-31T00:00:00", "title": "Scientific Linux Security Update : gnutls on SL5.x, SL6.x i386/srpm/x86_64 (20130530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-05-31T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnutls-devel", "p-cpe:/a:fermilab:scientific_linux:gnutls-utils", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:gnutls-guile", "p-cpe:/a:fermilab:scientific_linux:gnutls"], "id": "SL_20130530_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66708);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x, SL6.x i386/srpm/x86_64 (20130530)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the fix for the CVE-2013-1619 issue released\nvia SLSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. 
(CVE-2013-2116)\n\nFor the update to take effect, all applications linked to the GnuTLS\nlibrary must be restarted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2550\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10b27527\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"gnutls-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-debuginfo-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-debuginfo-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"gnutls-devel-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-guile-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:12:35", "description": "Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. 
For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.", "edition": 24, "published": "2013-05-31T00:00:00", "title": "RHEL 5 / 6 : gnutls (RHSA-2013:0883)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-05-31T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnutls-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:gnutls-utils", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:gnutls", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:gnutls-guile"], "id": "REDHAT-RHSA-2013-0883.NASL", "href": "https://www.tenable.com/plugins/nessus/66706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0883. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66706);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-2116\");\n script_xref(name:\"RHSA\", value:\"2013:0883\");\n\n script_name(english:\"RHEL 5 / 6 : gnutls (RHSA-2013:0883)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0588.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2116\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0883\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-1.4.1-10.el5_9.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-debuginfo-1.4.1-10.el5_9.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-devel-1.4.1-10.el5_9.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-debuginfo-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-devel-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-guile-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
cpu:\"s390x\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:28:45", "description": "Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. 
For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.", "edition": 23, "published": "2013-05-31T00:00:00", "title": "CentOS 5 / 6 : gnutls (CESA-2013:0883)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-05-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnutls-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:gnutls-utils", "p-cpe:/a:centos:centos:gnutls-guile", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:gnutls"], "id": "CENTOS_RHSA-2013-0883.NASL", "href": "https://www.tenable.com/plugins/nessus/66701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0883 and \n# CentOS Errata and Security Advisory 2013:0883 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66701);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-2116\");\n script_bugtraq_id(60215);\n script_xref(name:\"RHSA\", value:\"2013:0883\");\n\n script_name(english:\"CentOS 5 / 6 : gnutls (CESA-2013:0883)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-May/019766.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46ba435e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-May/019767.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6294312\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2116\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-guile\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-devel-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-devel-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-guile-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-guile / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T01:21:21", "description": "It was discovered that the fix for the CVE-2013-1619 issue introduced\na regression in the way GnuTLS decrypted TLS/SSL encrypted records\nwhen CBC-mode cipher suites were used. A remote attacker could\npossibly use this flaw to crash a server or client application that\nuses GnuTLS. 
(CVE-2013-2116)", "edition": 25, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : gnutls (ALAS-2013-197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gnutls", "p-cpe:/a:amazon:linux:gnutls-debuginfo", "p-cpe:/a:amazon:linux:gnutls-utils", "p-cpe:/a:amazon:linux:gnutls-devel", "p-cpe:/a:amazon:linux:gnutls-guile", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-197.NASL", "href": "https://www.tenable.com/plugins/nessus/69755", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-197.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69755);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\");\n script_xref(name:\"ALAS\", value:\"2013-197\");\n script_xref(name:\"RHSA\", value:\"2013:0883\");\n\n script_name(english:\"Amazon Linux AMI : gnutls (ALAS-2013-197)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the fix for the CVE-2013-1619 issue introduced\na regression in the way GnuTLS decrypted TLS/SSL encrypted records\nwhen CBC-mode cipher suites were used. A remote attacker could\npossibly use this flaw to crash a server or client application that\nuses GnuTLS. 
(CVE-2013-2116)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-197.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update gnutls' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver 
== 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-2.8.5-10.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-debuginfo-2.8.5-10.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-devel-2.8.5-10.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-guile-2.8.5-10.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-utils-2.8.5-10.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:47:59", "description": "From Red Hat Security Advisory 2013:0883 :\n\nUpdated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. 
(CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.", "edition": 20, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : gnutls (ELSA-2013-0883)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:gnutls-utils", "p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-guile", "p-cpe:/a:oracle:linux:gnutls-devel"], "id": "ORACLELINUX_ELSA-2013-0883.NASL", "href": "https://www.tenable.com/plugins/nessus/68829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0883 and \n# Oracle Linux Security Advisory ELSA-2013-0883 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68829);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-2116\");\n script_bugtraq_id(57736, 60215);\n script_xref(name:\"RHSA\", value:\"2013:0883\");\n\n script_name(english:\"Oracle Linux 5 / 6 : gnutls (ELSA-2013-0883)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0883 :\n\nUpdated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nIt was discovered that the fix for the CVE-2013-1619 issue released\nvia RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted\nTLS/SSL encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to crash a server or\nclient application that uses GnuTLS. (CVE-2013-2116)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct this issue. For the update to take effect, all\napplications linked to the GnuTLS library must be restarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-May/003496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-May/003499.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-10.el5_9.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-10.el5_9.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"gnutls-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-devel-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-guile-2.8.5-10.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-utils-2.8.5-10.el6_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-guile / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:00:59", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The TLS implementation in GnuTLS before 2.12.23, 3.0.x\n before 3.0.28, and 3.1.x before 3.1.7 does not properly\n consider timing side-channel attacks on a noncompliant\n MAC check operation during the processing of malformed\n CBC padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks\n via statistical analysis of timing data for crafted\n packets, a related issue to 
CVE-2013-0169.\n (CVE-2013-1619)\n\n - The _gnutls_ciphertext2compressed function in\n lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length. NOTE: this\n might be due to an incorrect fix for CVE-2013-0169.\n (CVE-2013-2116)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : gnutls (cve_2013_1619_cryptographic_issues)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0169", "CVE-2013-1619", "CVE-2013-2116"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:gnutls", "cpe:/o:oracle:solaris:11.1"], "id": "SOLARIS11_GNUTLS_20130924.NASL", "href": "https://www.tenable.com/plugins/nessus/80630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80630);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : gnutls (cve_2013_1619_cryptographic_issues)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The TLS implementation in GnuTLS before 2.12.23, 3.0.x\n before 3.0.28, and 3.1.x before 3.1.7 does not properly\n consider timing side-channel attacks on a noncompliant\n MAC check operation during the processing of malformed\n CBC 
padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks\n via statistical analysis of timing data for crafted\n packets, a related issue to CVE-2013-0169.\n (CVE-2013-1619)\n\n - The _gnutls_ciphertext2compressed function in\n lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length. NOTE: this\n might be due to an incorrect fix for CVE-2013-0169.\n (CVE-2013-2116)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-1619-cryptographic-issues-vulnerability-in-gnutls\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7d8bc44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-2116-input-validation-vulnerability-in-gnutls\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6d3042f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.11.4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:gnutls\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^gnutls$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.11.0.4.0\", sru:\"SRU 11.1.11.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : gnutls\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"gnutls\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:40", "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0,\n13.1, and 13.37 to fix security issues.", "edition": 23, "published": "2013-10-15T00:00:00", "title": "Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4128", "CVE-2013-1619", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "modified": "2013-10-15T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:12.2", "p-cpe:/a:slackware:slackware_linux:gnutls", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": 
"SLACKWARE_SSA_2013-287-03.NASL", "href": "https://www.tenable.com/plugins/nessus/70439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-287-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70439);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2013-1619\", \"CVE-2013-2116\");\n script_bugtraq_id(50609, 52667, 52668, 57736, 60215);\n script_xref(name:\"SSA\", value:\"2013-287-03\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 12.1, 12.2, 13.0,\n13.1, and 13.37 to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb55c642\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", 
pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T13:23:35", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2015-0282 (#1198159)\n\n - fix CVE-2015-0294 (#1198159)\n\n - Corrected value initialization in mpi printing\n (#1129241)\n\n - Check for expiry information in the CA certificates\n (#1159778)\n\n - fix issue with integer padding in certificates and keys\n (#1036385)\n\n - fix session ID length check (#1102025)\n\n - fix CVE-2014-0092 (#1069891)\n\n - fix CVE-2013-2116 - fix DoS regression in\n (CVE-2013-1619) upstream patch (#966754)\n\n - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2015-07-31T00:00:00", "title": "OracleVM 3.3 : gnutls (OVMSA-2015-0101)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0282", "CVE-2013-1619", "CVE-2014-0092", 
"CVE-2015-0294", "CVE-2013-2116"], "modified": "2015-07-31T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:gnutls"], "id": "ORACLEVM_OVMSA-2015-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/85142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0101.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85142);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\", \"CVE-2014-0092\", \"CVE-2015-0282\", \"CVE-2015-0294\");\n script_bugtraq_id(57736, 60215, 65919, 73119, 73162);\n\n script_name(english:\"OracleVM 3.3 : gnutls (OVMSA-2015-0101)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2015-0282 (#1198159)\n\n - fix CVE-2015-0294 (#1198159)\n\n - Corrected value initialization in mpi printing\n (#1129241)\n\n - Check for expiry information in the CA certificates\n (#1159778)\n\n - fix issue with integer padding in certificates and keys\n (#1036385)\n\n - fix session ID length check (#1102025)\n\n - fix CVE-2014-0092 (#1069891)\n\n - fix CVE-2013-2116 - fix DoS regression in\n (CVE-2013-1619) upstream patch (#966754)\n\n - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000350.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls 
package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"gnutls-2.8.5-18.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T14:38:42", "description": "This update of GnuTLS fixes a regression introduced by the previous\nupdate that could have resulted in a Denial of Service (application\ncrash).", "edition": 17, "published": "2013-06-21T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : GnuTLS (SAT Patch Numbers 7781 / 7918)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2116"], "modified": "2013-06-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit", "p-cpe:/a:novell:suse_linux:11:gnutls", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libgnutls-extra26", "p-cpe:/a:novell:suse_linux:11:libgnutls26"], "id": "SUSE_11_GNUTLS-130528.NASL", "href": "https://www.tenable.com/plugins/nessus/66954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66954);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2116\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : GnuTLS (SAT Patch Numbers 7781 / 7918)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of GnuTLS fixes a regression introduced by the previous\nupdate that could have resulted in a Denial of Service (application\ncrash).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2116.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 7781 / 7918 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", 
reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libgnutls-extra26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"gnutls-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libgnutls-extra26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libgnutls26-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:59", "description": "Fix for CVE-2013-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-07-12T00:00:00", "title": "Fedora 17 : mingw-gnutls-2.12.23-2.fc17 (2013-9774)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2116"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls"], "id": "FEDORA_2013-9774.NASL", "href": "https://www.tenable.com/plugins/nessus/67378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-9774.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2116\");\n script_bugtraq_id(60215);\n script_xref(name:\"FEDORA\", value:\"2013-9774\");\n\n script_name(english:\"Fedora 17 : mingw-gnutls-2.12.23-2.fc17 (2013-9774)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=966754\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108474.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddf64dc2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mingw-gnutls-2.12.23-2.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310871001", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871001", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2013:0883-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2013:0883-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"gnutls on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that the fix for the CVE-2013-1619 issue released via\n RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\n encrypted records when CBC-mode cipher suites were used. A remote attacker\n could possibly use this flaw to crash a server or client application that\n uses GnuTLS. (CVE-2013-2116)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n correct this issue. 
For the update to take effect, all applications linked\n to the GnuTLS library must be restarted.\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.871001\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:26 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"RedHat Update for gnutls RHSA-2013:0883-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0883-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00038.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-23T13:09:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Check for the Version of mingw-gnutls", "modified": "2018-01-23T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:865758", "href": "http://plugins.openvas.org/nasl.php?oid=865758", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2013-9783", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-9783\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 18\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865758);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:02:17 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-9783\");\n\n script_xref(name: \"FEDORA\", value: \"2013-9783\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108446.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310881738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881738", "type": "openvas", "title": "CentOS Update for gnutls CESA-2013:0883 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0883 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881738\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:13 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for gnutls CESA-2013:0883 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0883\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-May/019766.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that the fix for the CVE-2013-1619 issue released via\n RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\n 
encrypted records when CBC-mode cipher suites were used. A remote attacker\n could possibly use this flaw to crash a server or client application that\n uses GnuTLS. (CVE-2013-2116)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n correct this issue. For the update to take effect, all applications linked\n to the GnuTLS library must be restarted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-27T10:51:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Check for the Version of gnutls", "modified": "2017-07-12T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:871001", "href": "http://plugins.openvas.org/nasl.php?oid=871001", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2013:0883-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2013:0883-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that the fix for the CVE-2013-1619 issue released via\n RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\n encrypted records when CBC-mode cipher suites were used. A remote attacker\n could possibly use this flaw to crash a server or client application that\n uses GnuTLS. (CVE-2013-2116)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n correct this issue. For the update to take effect, all applications linked\n to the GnuTLS library must be restarted.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"gnutls on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_id(871001);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:26 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"RedHat Update for gnutls RHSA-2013:0883-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0883-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00038.html\");\n script_summary(\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.el6_4.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Check for the Version of mingw-gnutls", "modified": "2018-01-26T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:865809", "href": "http://plugins.openvas.org/nasl.php?oid=865809", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2013-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-gnutls on Fedora 17\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865809);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:03:45 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-9774\");\n\n script_xref(name: \"FEDORA\", value: \"2013-9774\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108474.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "The remote host is missing an update for the 'mingw-gnutls' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:1361412562310865758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865758", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2013-9783", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-9783\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865758\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:02:17 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-9783\");\n script_xref(name:\"FEDORA\", value:\"2013-9783\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108446.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"mingw-gnutls on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Gentoo Linux Local Security Checks GLSA 201310-18", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121056", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201310-18", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201310-18.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121056\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:13 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201310-18\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201310-18\");\n script_cve_id(\"CVE-2013-1619\", \"CVE-2013-2116\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201310-18\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-libs/gnutls\", unaffected: make_list(\"ge 2.12.23-r1\"), vulnerable: make_list(\"lt 2.12.23-r1\"))) != NULL) 
{\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-26T11:10:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Check for the Version of gnutls", "modified": "2018-01-25T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:881738", "href": "http://plugins.openvas.org/nasl.php?oid=881738", "type": "openvas", "title": "CentOS Update for gnutls CESA-2013:0883 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0883 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that the fix for the CVE-2013-1619 issue released via\n RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\n encrypted records when CBC-mode cipher suites were used. A remote attacker\n could possibly use this flaw to crash a server or client application that\n uses GnuTLS. (CVE-2013-2116)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n correct this issue. For the update to take effect, all applications linked\n to the GnuTLS library must be restarted.\";\n\n\ntag_affected = \"gnutls on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881738);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:13 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for gnutls CESA-2013:0883 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:0883\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-May/019766.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~10.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-24T11:09:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "Check for the Version of gnutls", "modified": "2018-01-24T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:881742", "href": "http://plugins.openvas.org/nasl.php?oid=881742", "type": "openvas", "title": "CentOS Update for gnutls CESA-2013:0883 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2013:0883 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n It was discovered that the fix for the CVE-2013-1619 issue released via\n RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL\n encrypted records when CBC-mode cipher suites were used. A remote attacker\n could possibly use this flaw to crash a server or client application that\n uses GnuTLS. (CVE-2013-2116)\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n correct this issue. 
For the update to take effect, all applications linked\n to the GnuTLS library must be restarted.\";\n\n\ntag_affected = \"gnutls on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881742);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:38 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for gnutls CESA-2013:0883 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0883\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-May/019767.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~10.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~10.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~10.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~10.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1619", "CVE-2013-2116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:1361412562310865809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865809", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2013-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2013-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865809\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:03:45 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-2116\", \"CVE-2013-1619\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2013-9774\");\n script_xref(name:\"FEDORA\", value:\"2013-9774\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108474.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-gnutls on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.23~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2013-2116"], "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: Timing attacks against hashing of\n padding was fixed which might have allowed disclosure of\n keys. (Lucky13 attack).\n\n Also the following non-security bugs have been fixed:\n\n * gnutls doesn't like root CAs without Basic\n Constraints. 
Permit V1 Certificate Authorities properly\n (bnc#760265)\n * memory leak in PSK authentication (bnc#835760)\n", "edition": 1, "modified": "2014-03-04T01:07:15", "published": "2014-03-04T01:07:15", "id": "SUSE-SU-2014:0322-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html", "title": "Security update for gnutls (critical)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:57:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "This update of GnuTLS fixes a regression introduced by the\n previous update that could have resulted in a Denial of\n Service (application crash).\n", "edition": 1, "modified": "2013-06-20T22:04:17", "published": "2013-06-20T22:04:17", "id": "SUSE-SU-2013:1060-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html", "type": "suse", "title": "Security update for GnuTLS (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "This update of GnuTLS fixes a regression introduced by the\n previous update that could have resulted in a Denial of\n Service (application crash).\n", "edition": 1, "modified": "2013-07-04T22:04:13", "published": "2013-07-04T22:04:13", "id": "SUSE-SU-2013:1060-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00007.html", "title": "Security update for GnuTLS (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-1619", "CVE-2013-2116"], "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\nand 13.37 to fix security 
issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/gnutls-2.10.5-i486-2_slack13.37.txz: Rebuilt.\n [Updated to the correct version to fix fetching the \"latest\" from gnu.org]\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n Other minor security issues are patched as well.\n Thanks to mancha for backporting these patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.8.4-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnutls-2.8.4-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb1befa86737a2451146dd108eb58b9a9 gnutls-2.8.4-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\n7ea0f267149d76ccdcca1206027e664f gnutls-2.8.4-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\n2c102969a15b8a66e79ec4d07821faf7 gnutls-2.8.4-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n501b5709da4ff494a3ecdfee74187281 gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\na7d101cd7fc47cf9e4e0f15406ca29fd gnutls-2.8.6-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n65a234fe93b46c7ea29799ffc3e4f25e gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\n9cf8770560e17d1d57267cb05bf3badd 
gnutls-2.10.5-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n349f7f77e29612b679522a4a199c03fa gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.10.5-i486-2_slack13.37.txz", "modified": "2013-10-15T00:18:30", "published": "2013-10-15T00:18:30", "id": "SSA-2013-287-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196", "type": "slackware", "title": "[slackware-security] gnutls", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-25T16:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "New gnutls packages are available for Slackware 14.0, and -current to fix a\nsecurity issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/gnutls-3.0.26-i486-1_slack14.0.txz: Upgraded.\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.0.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.0.26-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.0.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nb4871658060b56ee03e2d04a9d5b96e4 gnutls-3.0.26-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n976ca3bf65238d75a027cb2203cf9612 gnutls-3.0.26-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n16e99934d07c8aab09016e0cb2c6cfa1 n/gnutls-3.0.26-i486-1.txz\n\nSlackware x86_64 -current package:\ndffa995fb8369f1c7afd7342dd31697e n/gnutls-3.0.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-3.0.26-i486-1_slack14.0.txz", "modified": "2013-08-30T07:46:14", "published": "2013-08-30T07:46:14", "id": "SSA-2013-242-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.354993", "type": "slackware", "title": "[slackware-security] gnutls", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2697-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMay 29, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : 
gnutls26\nVulnerability : out-of-bounds array read\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2116\nDebian Bug : 709301\n\nIt was discovered that a malicious client could crash a GNUTLS server\nand vice versa, by sending TLS records encrypted with a block cipher\nwhich contain invalid padding.\n\nThe oldstable distribution (squeeze) is not affected because the\nsecurity fix that introduced this vulnerability was not applied to it.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-5.\n\nWe recommend that you upgrade your gnutls26 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-05-29T19:59:42", "published": "2013-05-29T19:59:42", "id": "DEBIAN:DSA-2697-1:60A8F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00106.html", "title": "[SECURITY] [DSA 2697-1] gnutls26 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2116"], "description": "It was discovered that GnuTLS incorrectly handled certain padding bytes. 
A \nremote attacker could use this flaw to cause an application using GnuTLS to \ncrash, leading to a denial of service.", "edition": 5, "modified": "2013-05-29T00:00:00", "published": "2013-05-29T00:00:00", "id": "USN-1843-1", "href": "https://ubuntu.com/security/notices/USN-1843-1", "title": "GnuTLS vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:43:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1619"], "description": "Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used \nin GnuTLS was vulnerable to a timing side-channel attack known as the \n\"Lucky Thirteen\" issue. A remote attacker could use this issue to perform \nplaintext-recovery attacks via analysis of timing data.", "edition": 5, "modified": "2013-02-27T00:00:00", "published": "2013-02-27T00:00:00", "id": "USN-1752-1", "href": "https://ubuntu.com/security/notices/USN-1752-1", "title": "GnuTLS vulnerability", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2013-2116"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:171\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : gnutls\r\n Date : May 30, 2013\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in gnutls:\r\n \r\n A flaw was found in the way GnuTLS decrypted TLS record packets when\r\n using CBC encryption. 
The number of pad bytes read form the packet\r\n was not checked against the cipher text size, resulting in an out of\r\n bounds read. This could cause a TLS client or server using GnuTLS to\r\n crash (CVE-2013-2116).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116\r\n https://bugzilla.redhat.com/show_bug.cgi?id=966754\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n e15cc4fbecb40fa5a0e45722ae69e62d mes5/i586/gnutls-2.4.1-2.9mdvmes5.2.i586.rpm\r\n 0cdf4df237294321e66a5bd6fdd7a2e7 mes5/i586/libgnutls26-2.4.1-2.9mdvmes5.2.i586.rpm\r\n 05b89e124200abd96670015069483f1f mes5/i586/libgnutls-devel-2.4.1-2.9mdvmes5.2.i586.rpm \r\n 916a8c1c13f5c2f12693a97cd33dfdf1 mes5/SRPMS/gnutls-2.4.1-2.9mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 9ba0af4a21b4d82f49063bca05ad26a3 mes5/x86_64/gnutls-2.4.1-2.9mdvmes5.2.x86_64.rpm\r\n ec31286c02a0228ca592192b4c8cb86c mes5/x86_64/lib64gnutls26-2.4.1-2.9mdvmes5.2.x86_64.rpm\r\n a0ba53e991ded4a6c7d0514316763514 mes5/x86_64/lib64gnutls-devel-2.4.1-2.9mdvmes5.2.x86_64.rpm \r\n 916a8c1c13f5c2f12693a97cd33dfdf1 mes5/SRPMS/gnutls-2.4.1-2.9mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFRp3SwmqjQ0CJFipgRArSzAKDVTEDczaGGgLHMRpJc84Dv8PyxCgCfV8Mb\r\nnYtIpfd2q6Mob2D41yZTmSk=\r\n=xB1w\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-06-03T00:00:00", "published": "2013-06-03T00:00:00", "id": "SECURITYVULNS:DOC:29438", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29438", "title": "[ MDVSA-2013:171 ] gnutls", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-2116"], "description": "Out-of-bounds read on packet decoding.", "edition": 1, "modified": "2013-06-03T00:00:00", "published": "2013-06-03T00:00:00", "id": "SECURITYVULNS:VULN:13101", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13101", "title": "gnutls DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-1619"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1752-1\r\nFebruary 27, 2013\r\n\r\ngnutls13, gnutls26 vulnerability\r\n==========================================================================\r\n\r\nA security issue 
affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nGnuTLS could be made to expose sensitive information over the network.\r\n\r\nSoftware Description:\r\n- gnutls26: GNU TLS library\r\n- gnutls13: GNU TLS library\r\n\r\nDetails:\r\n\r\nNadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used\r\nin GnuTLS was vulnerable to a timing side-channel attack known as the\r\n"Lucky Thirteen" issue. A remote attacker could use this issue to perform\r\nplaintext-recovery attacks via analysis of timing data.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n libgnutls26 2.12.14-5ubuntu4.2\r\n\r\nUbuntu 12.04 LTS:\r\n libgnutls26 2.12.14-5ubuntu3.2\r\n\r\nUbuntu 11.10:\r\n libgnutls26 2.10.5-1ubuntu3.3\r\n\r\nUbuntu 10.04 LTS:\r\n libgnutls26 2.8.5-2ubuntu0.3\r\n\r\nUbuntu 8.04 LTS:\r\n libgnutls13 2.0.4-1ubuntu2.9\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1752-1\r\n CVE-2013-1619\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.2\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.10.5-1ubuntu3.3\r\n https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/gnutls13/2.0.4-1ubuntu2.9\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-03-02T00:00:00", "published": "2013-03-02T00:00:00", "id": "SECURITYVULNS:DOC:29112", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29112", "title": 
"[USN-1752-1] GnuTLS vulnerability", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}