SUSE CVE-2016-7444

The gnutlsocsprespcheckcrt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2022-2609)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2022-2609)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The gnutlsocsprespcheckcrt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OC...

Mageia: Security Advisory (MGASA-2016-0326)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Advisory ROSA-SA-2021-1847

Software: gnutls 3.3.29 OS: Cobalt 7.9 CVE-ID: CVE-2014-3469 CVE-Crit: CRITICAL CVE-DESC: The 1 asn1readvaluetype and 2 asn1readvalue functions in GNU Libtasn1 before 3.6 allow context-sensitive attackers to cause a denial of service dereferencing a NULL pointer and crashing via a NULL value in t...

SUSE: Security Advisory (SUSE-SU-2017:0348-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1203)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 1.0: Gnutls PHSA-2017-0015

An update of the gnutls package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0015. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121688;...

Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-3183-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3183-2 advisory. USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04...

Ubuntu: Security Advisory (USN-3183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gnutls packages fix security vulnerability

An issue was found in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid CVE-2016-7444...

MGASA-2016-0326 Updated gnutls packages fix security vulnerability

An issue was found in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid CVE-2016-7444...

CVE-2016-7444

CVE-2016-7444 affects GnuTLS: the function gnutls_ocsp_resp_check_crt in lib/x509/ocsp.c fails to verify the serial length of OCSP responses, due to trailing bytes from gnutls_malloc. This can allow remote attackers to bypass certificate validation. Affected versions are GnuTLS before 3.4.15 and ...

[ASA-201609-25] gnutls: certificate verification bypass

Arch Linux Security Advisory ASA-201609-25 ========================================== Severity: Medium Date : 2016-09-26 CVE-ID : CVE-2016-7444 Package : gnutls Type : certificate verification bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package gnutls...