{"id": "RHSA-2014:1846", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:1846) Moderate: gnutls security update", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially crafted\nECC certificate or a certificate signing request that, when processed by an\napplication compiled against GnuTLS (for example, certtool), could cause\nthat application to crash or execute arbitrary code with the permissions of\nthe user running the application. (CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS or libtasn1 library must\nbe restarted.\n", "published": "2014-11-12T00:00:00", "modified": "2018-04-11T23:31:31", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2014:1846", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-8564"], "immutableFields": [], "lastseen": "2021-10-21T04:42:22", "viewCount": 3, "enchantments": {"score": {"value": 6.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201411-10"]}, {"type": "centos", "idList": ["CESA-2014:1846"]}, {"type": "cve", "idList": ["CVE-2014-8564"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-8564"]}, {"type": "f5", "idList": ["SOL15970"]}, {"type": "fedora", "idList": ["FEDORA:509B460E5280", "FEDORA:731A560D7581"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2014-1846.NASL", "FEDORA_2014-14734.NASL", "FEDORA_2014-14760.NASL", "MANDRIVA_MDVSA-2014-215.NASL", "MANDRIVA_MDVSA-2015-072.NASL", "OPENSUSE-2014-696.NASL", "ORACLELINUX_ELSA-2014-1846.NASL", "REDHAT-RHSA-2014-1846.NASL", "SL_20141112_GNUTLS_ON_SL7_X.NASL", "SUSE_SU-2014-1628-1.NASL", "UBUNTU_USN-2403-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123253", "OPENVAS:1361412562310842032", "OPENVAS:1361412562310868484", "OPENVAS:1361412562310871291", "OPENVAS:1361412562310882080"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1846"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31391", "SECURITYVULNS:VULN:14100"]}, {"type": "ubuntu", "idList": ["USN-2403-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-8564"]}]}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201411-10"]}, {"type": "centos", "idList": ["CESA-2014:1846"]}, {"type": "cve", "idList": ["CVE-2014-8564"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-8564"]}, {"type": "f5", "idList": ["SOL15970"]}, {"type": "fedora", "idList": ["FEDORA:731A560D7581"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2014-1846.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871291"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1846"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14100"]}, {"type": "ubuntu", "idList": ["USN-2403-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-8564"]}]}, "exploitation": null, "vulnersScore": 6.5}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.ppc.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.ppc.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.i686.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.src.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.ppc.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.i686.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.s390.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-utils-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls-utils"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.s390.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-utils-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls-utils"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.s390.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.ppc.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-utils-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls-utils"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.ppc.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.i686.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.s390.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-c++-3.1.18-10.el7_0.i686.rpm", "operator": "lt", "packageName": "gnutls-c++"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.ppc64.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-dane-3.1.18-10.el7_0.x86_64.rpm", "operator": "lt", "packageName": "gnutls-dane"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-devel-3.1.18-10.el7_0.s390.rpm", "operator": "lt", "packageName": "gnutls-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "3.1.18-10.el7_0", "packageFilename": "gnutls-debuginfo-3.1.18-10.el7_0.s390x.rpm", "operator": "lt", "packageName": "gnutls-debuginfo"}], "vendorCvss": {"severity": "moderate"}, "_state": {"dependencies": 1647589307, "score": 0}}

{"openvas": [{"lastseen": "2019-05-29T18:36:46", "description": "Oracle Linux Local Security Checks ELSA-2014-1846", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1846", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1846.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123253\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1846\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1846 - gnutls security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1846\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1846.html\");\n script_cve_id(\"CVE-2014-8564\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.1.18~10.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-c++\", rpm:\"gnutls-c++~3.1.18~10.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-dane\", rpm:\"gnutls-dane~3.1.18~10.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~3.1.18~10.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~3.1.18~10.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:11", "description": "Check the version of gnutls", "cvss3": {}, "published": "2014-11-13T00:00:00", "type": "openvas", "title": "CentOS Update for gnutls CESA-2014:1846 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2014:1846 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882080\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-13 06:29:28 +0100 (Thu, 13 Nov 2014)\");\n script_cve_id(\"CVE-2014-8564\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for gnutls CESA-2014:1846 centos7\");\n\n script_tag(name:\"summary\", value:\"Check the version of gnutls\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for\ncryptographic algorithms and for protocols such as Transport Layer Security (TLS).\nThe gnutls packages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and Distinguished\nEncoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially crafted\nECC certificate or a certificate signing request that, when processed by an\napplication compiled against GnuTLS (for example, certtool), could cause\nthat application to crash or execute arbitrary code with the permissions of\nthe user running the application. (CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS or libtasn1 library must\nbe restarted.\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1846\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-November/020756.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.1.18~10.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-c++\", rpm:\"gnutls-c++~3.1.18~10.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-dane\", rpm:\"gnutls-dane~3.1.18~10.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~3.1.18~10.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~3.1.18~10.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for gnutls28 USN-2403-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2403_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for gnutls28 USN-2403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842032\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-12 06:24:39 +0100 (Wed, 12 Nov 2014)\");\n script_cve_id(\"CVE-2014-8564\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for gnutls28 USN-2403-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls28'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Sean Burford discovered that GnuTLS\nincorrectly handled printing certain elliptic curve parameters. A malicious\nremote server or client could use this issue to cause GnuTLS to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"gnutls28 on Ubuntu 14.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2403-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2403-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutls-deb0-28:amd64\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutls-deb0-28:i386\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutls-openssl27:amd64\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutls-openssl27:i386\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutlsxx28:amd64\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgnutlsxx28:i386\", ver:\"3.2.16-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-11-13T00:00:00", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2014:1846-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871291", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2014:1846-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871291\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-13 06:29:06 +0100 (Thu, 13 Nov 2014)\");\n script_cve_id(\"CVE-2014-8564\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for gnutls RHSA-2014:1846-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially crafted\nECC certificate or a certificate signing request that, when processed by an\napplication compiled against GnuTLS (for example, certtool), could cause\nthat application to crash or execute arbitrary code with the permissions of\nthe user running the application. (CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS or libtasn1 library must\nbe restarted.\");\n script_tag(name:\"affected\", value:\"gnutls on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1846-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00027.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-c++\", rpm:\"gnutls-c++~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-dane\", rpm:\"gnutls-dane~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~3.1.18~10.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:25", "description": "Check the version of gnutls", "cvss3": {}, "published": "2014-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2014-14760", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564", "CVE-2014-0092", "CVE-2014-1959"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2014-14760\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868484\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 06:45:39 +0100 (Fri, 14 Nov 2014)\");\n script_cve_id(\"CVE-2014-8564\", \"CVE-2014-0092\", \"CVE-2014-1959\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for gnutls FEDORA-2014-14760\");\n script_tag(name:\"summary\", value:\"Check the version of gnutls\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gnutls on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-14760\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143630.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.1.28~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. ", "edition": 2, "cvss3": {}, "published": "2014-11-16T14:40:54", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: gnutls-3.3.10-1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-16T14:40:54", "id": "FEDORA:509B460E5280", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. ", "edition": 2, "cvss3": {}, "published": "2014-11-13T18:22:50", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: gnutls-3.1.28-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0092", "CVE-2014-1959", "CVE-2014-8564"], "modified": "2014-11-13T18:22:50", "id": "FEDORA:731A560D7581", "href": "", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2021-08-19T12:47:45", "description": "Security fix for CVE-2014-8564\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-14T00:00:00", "type": "nessus", "title": "Fedora 20 : gnutls-3.1.28-1.fc20 (2014-14760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnutls", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-14760.NASL", "href": "https://www.tenable.com/plugins/nessus/79240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14760.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79240);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"FEDORA\", value:\"2014-14760\");\n\n script_name(english:\"Fedora 20 : gnutls-3.1.28-1.fc20 (2014-14760)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-8564\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1161443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143630.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7697a20e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"gnutls-3.1.28-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T14:24:02", "description": "An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2014-8564)\n\nFor the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gnutls on SL7.x x86_64 (20141112)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gnutls", "p-cpe:/a:fermilab:scientific_linux:gnutls-c%2b%2b", "p-cpe:/a:fermilab:scientific_linux:gnutls-dane", "p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnutls-devel", "p-cpe:/a:fermilab:scientific_linux:gnutls-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141112_GNUTLS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/79231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79231);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8564\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL7.x x86_64 (20141112)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2014-8564)\n\nFor the update to take effect, all applications linked to the GnuTLS\nor libtasn1 library must be restarted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=2684\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba40f941\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-dane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-c++-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-dane-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-debuginfo-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-devel-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gnutls-utils-3.1.18-10.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-c++ / gnutls-dane / gnutls-debuginfo / gnutls-devel / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:40", "description": "Updated gnutls package fix security vulnerability :\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).", "cvss3": {"score": null, "vector": null}, "published": "2014-11-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gnutls", "p-cpe:/a:mandriva:linux:lib64gnutls-devel", "p-cpe:/a:mandriva:linux:lib64gnutls-ssl27", "p-cpe:/a:mandriva:linux:lib64gnutls28", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-215.NASL", "href": "https://www.tenable.com/plugins/nessus/79347", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:215. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79347);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"MDVSA\", value:\"2014:215\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls package fix security vulnerability :\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application\n(CVE-2014-8564).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0458.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-ssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"gnutls-3.0.28-1.8.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-3.0.28-1.8.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls-ssl27-3.0.28-1.8.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gnutls28-3.0.28-1.8.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T14:23:31", "description": "From Red Hat Security Advisory 2014:1846 :\n\nUpdated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : gnutls (ELSA-2014-1846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-c%2b%2b", "p-cpe:/a:oracle:linux:gnutls-dane", "p-cpe:/a:oracle:linux:gnutls-devel", "p-cpe:/a:oracle:linux:gnutls-utils", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1846.NASL", "href": "https://www.tenable.com/plugins/nessus/79227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1846 and \n# Oracle Linux Security Advisory ELSA-2014-1846 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79227);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"RHSA\", value:\"2014:1846\");\n\n script_name(english:\"Oracle Linux 7 : gnutls (ELSA-2014-1846)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1846 :\n\nUpdated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the GnuTLS or libtasn1\nlibrary must be restarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004631.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-dane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnutls-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnutls-c++-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnutls-dane-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnutls-devel-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gnutls-utils-3.1.18-10.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:48:01", "description": "new upstream release, Security fix for CVE-2014-8564\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "Fedora 21 : gnutls-3.3.10-1.fc21 (2014-14734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnutls", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-14734.NASL", "href": "https://www.tenable.com/plugins/nessus/79262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14734.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79262);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"FEDORA\", value:\"2014-14734\");\n\n script_name(english:\"Fedora 21 : gnutls-3.3.10-1.fc21 (2014-14734)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release, Security fix for CVE-2014-8564\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1161443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78fc6da1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"gnutls-3.3.10-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:46", "description": "Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "Ubuntu 14.10 : gnutls28 vulnerability (USN-2403-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gnutls-bin", "p-cpe:/a:canonical:ubuntu_linux:libgnutls-deb0-28", "p-cpe:/a:canonical:ubuntu_linux:libgnutls-openssl27", "p-cpe:/a:canonical:ubuntu_linux:libgnutlsxx28", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2403-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2403-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79209);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"USN\", value:\"2403-1\");\n\n script_name(english:\"Ubuntu 14.10 : gnutls28 vulnerability (USN-2403-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sean Burford discovered that GnuTLS incorrectly handled printing\ncertain elliptic curve parameters. A malicious remote server or client\ncould use this issue to cause GnuTLS to crash, resulting in a denial\nof service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2403-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnutls-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls-deb0-28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutlsxx28\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"gnutls-bin\", pkgver:\"3.2.16-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libgnutls-deb0-28\", pkgver:\"3.2.16-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libgnutls-openssl27\", pkgver:\"3.2.16-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libgnutlsxx28\", pkgver:\"3.2.16-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls-bin / libgnutls-deb0-28 / libgnutls-openssl27 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:57", "description": "gnutls was updated to fix one security issue. &#9; This security issue was fixed :\n\n - Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564).", "cvss3": {"score": null, "vector": null}, "published": "2014-11-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:gnutls-debuginfo", "p-cpe:/a:novell:opensuse:gnutls-debugsource", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-devel-32bit", "p-cpe:/a:novell:opensuse:libgnutls-openssl-devel", "p-cpe:/a:novell:opensuse:libgnutls-openssl27", "p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28", "p-cpe:/a:novell:opensuse:libgnutls28-32bit", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgnutlsxx-devel", "p-cpe:/a:novell:opensuse:libgnutlsxx28", "p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2014-696.NASL", "href": "https://www.tenable.com/plugins/nessus/79413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-696.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79413);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8564\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1)\");\n script_summary(english:\"Check for the openSUSE-2014-696 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnutls was updated to fix one security issue. &#9; This security issue\nwas fixed :\n\n - Parsing problem in elliptic curve blobs over TLS that\n could lead to remote crashes (CVE-2014-8564).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"gnutls-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"gnutls-debuginfo-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"gnutls-debugsource-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls-devel-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls-openssl-devel-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls-openssl27-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls-openssl27-debuginfo-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls28-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutls28-debuginfo-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutlsxx-devel-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutlsxx28-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libgnutlsxx28-debuginfo-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.0.28-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnutls-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnutls-debuginfo-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gnutls-debugsource-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls-devel-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls-openssl-devel-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls-openssl27-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls-openssl27-debuginfo-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls28-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutls28-debuginfo-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutlsxx-devel-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutlsxx28-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libgnutlsxx28-debuginfo-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.2.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gnutls-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gnutls-debuginfo-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gnutls-debugsource-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls-devel-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls-openssl-devel-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls-openssl27-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls-openssl27-debuginfo-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls28-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutls28-debuginfo-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutlsxx-devel-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutlsxx28-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgnutlsxx28-debuginfo-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.2.18-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.2.18-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-debugsource / libgnutls-devel / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T14:24:18", "description": "Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "RHEL 7 : gnutls (RHSA-2014:1846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnutls", "p-cpe:/a:redhat:enterprise_linux:gnutls-c%2b%2b", "p-cpe:/a:redhat:enterprise_linux:gnutls-dane", "p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnutls-devel", "p-cpe:/a:redhat:enterprise_linux:gnutls-utils", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-1846.NASL", "href": "https://www.tenable.com/plugins/nessus/79207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1846. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79207);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"RHSA\", value:\"2014:1846\");\n\n script_name(english:\"RHEL 7 : gnutls (RHSA-2014:1846)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the GnuTLS or libtasn1\nlibrary must be restarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8564\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-dane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1846\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"gnutls-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gnutls-c++-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gnutls-dane-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gnutls-debuginfo-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gnutls-devel-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnutls-utils-3.1.18-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnutls-utils-3.1.18-10.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-c++ / gnutls-dane / gnutls-debuginfo / gnutls-devel / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:47:08", "description": "Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-13T00:00:00", "type": "nessus", "title": "CentOS 7 : gnutls (CESA-2014:1846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnutls", "p-cpe:/a:centos:centos:gnutls-c%2b%2b", "p-cpe:/a:centos:centos:gnutls-dane", "p-cpe:/a:centos:centos:gnutls-devel", "p-cpe:/a:centos:centos:gnutls-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-1846.NASL", "href": "https://www.tenable.com/plugins/nessus/79220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1846 and \n# CentOS Errata and Security Advisory 2014:1846 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79220);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n script_xref(name:\"RHSA\", value:\"2014:1846\");\n\n script_name(english:\"CentOS 7 : gnutls (CESA-2014:1846)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the GnuTLS or libtasn1\nlibrary must be restarted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-November/020756.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1ed1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8564\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-dane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnutls-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnutls-c++-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnutls-dane-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnutls-devel-3.1.18-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnutls-utils-3.1.18-10.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:45:38", "description": "gnutls was updated to fix one security issue.\n\n - Fixed parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2014:1628-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gnutls", "p-cpe:/a:novell:suse_linux:gnutls-debuginfo", "p-cpe:/a:novell:suse_linux:gnutls-debugsource", "p-cpe:/a:novell:suse_linux:libgnutls-openssl27", "p-cpe:/a:novell:suse_linux:libgnutls-openssl27-debuginfo", "p-cpe:/a:novell:suse_linux:libgnutls28", "p-cpe:/a:novell:suse_linux:libgnutls28-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2014-1628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83650", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1628-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83650);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8564\");\n script_bugtraq_id(71003);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2014:1628-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnutls was updated to fix one security issue.\n\n - Fixed parsing problem in elliptic curve blobs over TLS\n that could lead to remote crashes (CVE-2014-8564).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8564/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141628-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?756e11db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2014-109\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2014-109\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2014-109\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls-openssl27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnutls-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnutls-debuginfo-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gnutls-debugsource-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls-openssl27-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls-openssl27-debuginfo-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls28-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls28-debuginfo-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls28-32bit-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgnutls28-debuginfo-32bit-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnutls-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnutls-debuginfo-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gnutls-debugsource-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgnutls28-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-3.2.15-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.2.15-4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:36", "description": "Updated gnutls packages fix security vulnerabilities :\n\nSuman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior) (CVE-2014-1959).\n\nIt was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).\n\nA NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs (CVE-2014-3465).\n\nA flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code (CVE-2014-3466).\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0092", "CVE-2014-1959", "CVE-2014-3465", "CVE-2014-3466", "CVE-2014-8564"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gnutls", "p-cpe:/a:mandriva:linux:lib64gnutls-devel", "p-cpe:/a:mandriva:linux:lib64gnutls-ssl27", "p-cpe:/a:mandriva:linux:lib64gnutls-xssl0", "p-cpe:/a:mandriva:linux:lib64gnutls28", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-072.NASL", "href": "https://www.tenable.com/plugins/nessus/82325", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:072. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82325);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0092\", \"CVE-2014-1959\", \"CVE-2014-3465\", \"CVE-2014-3466\", \"CVE-2014-8564\");\n script_xref(name:\"MDVSA\", value:\"2015:072\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages fix security vulnerabilities :\n\nSuman Jana reported a vulnerability that affects the certificate\nverification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1\nintermediate certificate will be considered as a CA certificate by\ndefault (something that deviates from the documented behavior)\n(CVE-2014-1959).\n\nIt was discovered that GnuTLS did not correctly handle certain errors\nthat could occur during the verification of an X.509 certificate,\ncausing it to incorrectly report a successful verification. An\nattacker could use this flaw to create a specially crafted certificate\nthat could be accepted by GnuTLS as valid for a site chosen by the\nattacker (CVE-2014-0092).\n\nA NULL pointer dereference flaw was discovered in GnuTLS's\ngnutls_x509_dn_oid_name(). The function, when called with the\nGNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its\ncaller. However, it could previously return NULL when parsed X.509\ncertificates included specific OIDs (CVE-2014-3465).\n\nA flaw was found in the way GnuTLS parsed session ids from Server\nHello packets of the TLS/SSL handshake. A malicious server could use\nthis flaw to send an excessively long session id value and trigger a\nbuffer overflow in a connecting TLS/SSL client using GnuTLS, causing\nit to crash or, possibly, execute arbitrary code (CVE-2014-3466).\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially\ncrafted ECC certificate or a certificate signing request that, when\nprocessed by an application compiled against GnuTLS (for example,\ncerttool), could cause that application to crash or execute arbitrary\ncode with the permissions of the user running the application\n(CVE-2014-8564).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0117.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0458.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-ssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-xssl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"gnutls-3.2.7-2.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-3.2.7-2.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gnutls-ssl27-3.2.7-2.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gnutls-xssl0-3.2.7-2.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gnutls28-3.2.7-2.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T15:07:47", "description": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.", "cvss3": {}, "published": "2014-11-13T21:32:00", "type": "cve", "title": "CVE-2014-8564", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:gnu:gnutls:3.1.5", "cpe:/a:gnu:gnutls:3.0.23", "cpe:/a:gnu:gnutls:3.1.21", "cpe:/a:gnu:gnutls:3.0.19", "cpe:/a:gnu:gnutls:3.2.10", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:3.1.26", "cpe:/a:gnu:gnutls:3.0.28", "cpe:/a:gnu:gnutls:3.3.0", "cpe:/a:gnu:gnutls:3.1.27", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:gnu:gnutls:3.2.1", "cpe:/a:gnu:gnutls:3.2.7", "cpe:/a:gnu:gnutls:3.2.14", "cpe:/a:gnu:gnutls:3.2.0", "cpe:/a:gnu:gnutls:3.2.6", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:3.0.17", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:gnutls:3.2.13", "cpe:/a:gnu:gnutls:3.0.24", "cpe:/a:gnu:gnutls:3.1.11", "cpe:/a:gnu:gnutls:3.0.26", "cpe:/a:gnu:gnutls:3.1.0", "cpe:/a:gnu:gnutls:3.2.2", "cpe:/a:gnu:gnutls:3.2.16", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:3.2.15", "cpe:/a:gnu:gnutls:3.1.10", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:3.1.6", "cpe:/a:gnu:gnutls:3.0.15", "cpe:/a:gnu:gnutls:3.0.16", "cpe:/a:gnu:gnutls:3.0.20", "cpe:/a:gnu:gnutls:3.3.1", "cpe:/a:gnu:gnutls:3.3.5", "cpe:/a:gnu:gnutls:3.0.18", "cpe:/a:gnu:gnutls:3.1.2", "cpe:/a:gnu:gnutls:3.1.1", "cpe:/a:gnu:gnutls:3.2.18", "cpe:/a:gnu:gnutls:3.1.24", "cpe:/a:gnu:gnutls:3.1.23", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:gnutls:3.2.19", "cpe:/a:gnu:gnutls:3.2.5", "cpe:/a:gnu:gnutls:3.0.22", "cpe:/a:gnu:gnutls:3.1.16", "cpe:/a:gnu:gnutls:3.2.12.1", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.2.11", "cpe:/a:gnu:gnutls:3.1.25", "cpe:/a:gnu:gnutls:3.2.12", "cpe:/a:gnu:gnutls:3.1.3", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:gnu:gnutls:3.3.9", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:3.3.8", "cpe:/a:gnu:gnutls:3.2.3", "cpe:/a:gnu:gnutls:3.1.7", "cpe:/a:gnu:gnutls:3.3.6", "cpe:/a:gnu:gnutls:3.1.9", "cpe:/a:gnu:gnutls:3.2.8.1", "cpe:/a:gnu:gnutls:3.1.18", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:gnutls:3.1.12", "cpe:/a:gnu:gnutls:3.3.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:gnu:gnutls:3.1.20", "cpe:/a:gnu:gnutls:3.1.13", "cpe:/a:gnu:gnutls:3.2.4", "cpe:/a:gnu:gnutls:3.3.4", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:3.1.8", "cpe:/a:gnu:gnutls:3.2.17", "cpe:/a:gnu:gnutls:3.0.21", "cpe:/a:gnu:gnutls:3.3.3", "cpe:/a:gnu:gnutls:3.0.27", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/a:gnu:gnutls:3.1.17", "cpe:/a:gnu:gnutls:3.2.8", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:3.2.9", "cpe:/a:gnu:gnutls:3.1.15", "cpe:/a:gnu:gnutls:3.1.22", "cpe:/a:gnu:gnutls:3.0.25", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:gnutls:3.1.4", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:3.3.7", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:3.1.19", "cpe:/a:gnu:gnutls:3.1.14"], "id": "CVE-2014-8564", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8564", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2016-09-02T18:44:39", "description": "An out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR) resulting in heap corruption.", "edition": 2, "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "archlinux", "title": "gnutls: out-of-bounds memory write", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-12T00:00:00", "id": "ASA-201411-10", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564). \n", "cvss3": {}, "published": "2014-11-15T18:31:46", "type": "mageia", "title": "Updated gnutls package fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-15T18:31:46", "id": "MGASA-2014-0458", "href": "https://advisories.mageia.org/MGASA-2014-0458.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-04-21T07:36:31", "description": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.", "cvss3": {}, "published": "2014-11-13T21:32:00", "type": "debiancve", "title": "CVE-2014-8564", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-13T21:32:00", "id": "DEBIANCVE:CVE-2014-8564", "href": "https://security-tracker.debian.org/tracker/CVE-2014-8564", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2016-09-26T17:23:07", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2015-01-08T00:00:00", "type": "f5", "title": "SOL15970 - GnuTLS 3.x vulnerability CVE-2014-8564", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2015-01-08T00:00:00", "id": "SOL15970", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15970.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:50:55", "description": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x\nbefore 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote\nattackers to cause a denial of service (out-of-bounds write) via a crafted\n(1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate\nsigning requests (CSR), related to generating key IDs.", "cvss3": {}, "published": "2014-11-10T00:00:00", "type": "ubuntucve", "title": "CVE-2014-8564", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-10T00:00:00", "id": "UB:CVE-2014-8564", "href": "https://ubuntu.com/security/CVE-2014-8564", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:215\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : gnutls\r\n Date : November 19, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated gnutls package fix security vulnerability:\r\n \r\n An out-of-bounds memory write flaw was found in the way GnuTLS\r\n parsed certain ECC &#40;Elliptic Curve Cryptography&#41; certificates or\r\n certificate signing requests &#40;CSR&#41;. A malicious user could create a\r\n specially crafted ECC certificate or a certificate signing request\r\n that, when processed by an application compiled against GnuTLS &#40;for\r\n example, certtool&#41;, could cause that application to crash or execute\r\n arbitrary code with the permissions of the user running the application\r\n &#40;CVE-2014-8564&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564\r\n http://advisories.mageia.org/MGASA-2014-0458.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 94d152cd74fe6bd1fbfc5129ab011787 mbs1/x86_64/gnutls-3.0.28-1.8.mbs1.x86_64.rpm\r\n 49acc9edb1de075c5d960dcf41587130 mbs1/x86_64/lib64gnutls28-3.0.28-1.8.mbs1.x86_64.rpm\r\n 24e3675f3a05835117e2a9e16bc27d15 mbs1/x86_64/lib64gnutls-devel-3.0.28-1.8.mbs1.x86_64.rpm\r\n 860f32dafc10af57574abad1321e76bf mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.8.mbs1.x86_64.rpm \r\n 369eb8cdb1874549080fe52aa50949bd mbs1/SRPMS/gnutls-3.0.28-1.8.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUbFPjmqjQ0CJFipgRArN3AJkBt3qyw5U8YBA7QD56RgBZ/7e0jgCeOVvB\r\nb6J8ohvs0X3ruBgIIpQfQy0=\r\n=JgOd\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-11-24T00:00:00", "title": "[ MDVSA-2014:215 ] gnutls", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31391", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31391", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:58:06", "description": "Memory corruption on ECC.", "edition": 2, "cvss3": {}, "published": "2014-11-24T00:00:00", "title": "GnuTLS memory corruption", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-24T00:00:00", "id": "SECURITYVULNS:VULN:14100", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14100", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:06", "description": "[3.1.18-10]\n- Applied fix for CVE-2014-8564 (#1161472)", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "oraclelinux", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-12T00:00:00", "id": "ELSA-2014-1846", "href": "http://linux.oracle.com/errata/ELSA-2014-1846.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:53:44", "description": "**CentOS Errata and Security Advisory** CESA-2014:1846\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nAn out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially crafted\nECC certificate or a certificate signing request that, when processed by an\napplication compiled against GnuTLS (for example, certtool), could cause\nthat application to crash or execute arbitrary code with the permissions of\nthe user running the application. (CVE-2014-8564)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Sean Burford as the original reporter.\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS or libtasn1 library must\nbe restarted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2014-November/057675.html\n\n**Affected packages:**\ngnutls\ngnutls-c++\ngnutls-dane\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2014:1846", "cvss3": {}, "published": "2014-11-12T12:50:47", "type": "centos", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-12T12:50:47", "id": "CESA-2014:1846", "href": "https://lists.centos.org/pipermail/centos-announce/2014-November/057675.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:47:12", "description": "Sean Burford discovered that GnuTLS incorrectly handled printing certain \nelliptic curve parameters. A malicious remote server or client could use \nthis issue to cause GnuTLS to crash, resulting in a denial of service, or \npossibly execute arbitrary code.\n", "cvss3": {}, "published": "2014-11-11T00:00:00", "type": "ubuntu", "title": "GnuTLS vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8564"], "modified": "2014-11-11T00:00:00", "id": "USN-2403-1", "href": "https://ubuntu.com/security/notices/USN-2403-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}