Alibaba Cloud Linux 3 : 0008: gnutls (ALINUX3-SA-2021:0008)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0008 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-3829: A vulnerability was found i...

Oracle Linux 8 : gnutls (ELSA-2019-3600)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3600 advisory. - Fixed CVE-2019-3829 1693285 - Fixed CVE-2019-3836 1693288 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

SUSE: Security Advisory (SUSE-SU-2019:1121-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 2.0: Gnutls PHSA-2019-2.0-0152

An update of the gnutls package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0152. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid12621...

Ubuntu 16.04 LTS / 18.04 LTS : GnuTLS vulnerabilities (USN-3999-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3999-1 advisory. Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side- channel attack known as the Lucky...

Ubuntu: Security Advisory (USN-3999-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3999-1: GnuTLS vulnerabilities

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected...

openSUSE Security Update : gnutls (openSUSE-2019-1353)

This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages bsc1130682. - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API bsc1130681. -...

openSUSE: Security Advisory for gnutls (openSUSE-SU-2019:1353-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for gnutls FEDORA-2019-e8c1cf958f

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1121-1)

This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages bsc1130682. CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API bsc1130681...

GLSA-201904-14 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201904-14 GnuTLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : Please review the CVE identifiers referenced below for...

MGASA-2019-0134 Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

[ASA-201904-2] gnutls: multiple issues

Arch Linux Security Advisory ASA-201904-2 ========================================= Severity: Critical Date : 2019-04-05 CVE-ID : CVE-2019-3829 CVE-2019-3836 Package : gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-945 Summary ======= The package gnutls befor...

Fedora 29 : gnutls (2019-e8c1cf958f)

Update to upstream release 3.6.7 Security fix for CVE-2019-3836 and CVE-2019-3829 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Security fix for the ALT Linux 10 package gnutls30 version 3.6.7-alt1

March 28, 2019 Mikhail Efremov 3.6.7-alt1 - Updated to 3.6.7 fixes: CVE-2019-3836, CVE-2019-3829. - Don't make check in parallel mode...

ALPINE-CVE-2019-3829

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected...

CVE-2019-3829

CVE-2019-3829 affects GnuTLS versions prior to 3.6.7 (including 3.5.8+). The issue is a memory corruption (double free) in the certificate verification API (e.g., verify_crt and gnutls_x509_trust_list_verify_crt). This can enable arbitrary code execution or crash scenarios when a client or server...