19 matches found
K37830055: GnuTLS vulnerability CVE-2017-7507
Security Advisory Description GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVE-2017-7507 Impact An attacker may be able to exploit this...
Mageia: Security Advisory (MGASA-2017-0212)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console
Summary GnuTLS is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7869 DESCRIPTION: GnuTLS is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer overflow in cdkpktread function in...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1203)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1204)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : gnutls (ELSA-2017-2292)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2292 advisory. - Address crash in OCSP status request extension, by eliminating the unneeded parsing CVE-2017-7507, 1455828 Tenable has extracted the preceding...
Updated gnutls packages fix security vulnerabilities
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...
MGASA-2017-0212 Updated gnutls packages fix security vulnerabilities
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...
Fedora 26 : mingw-gnutls (2017-7936341c80)
https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
openSUSE Security Update : gnutls (openSUSE-2017-824)
This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...
SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)
This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...
[ASA-201707-6] lib32-gnutls: denial of service
Arch Linux Security Advisory ASA-201707-6 ========================================= Severity: Medium Date : 2017-07-11 CVE-ID : CVE-2017-7507 Package : lib32-gnutls Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-295 Summary ======= The package lib32-gnutls before...
GnuTLS status_request Extension Null Pointer Dereference (CVE-2017-7507)
A denial of service vulnerability exists in the GnuTLS library. The vulnerability is due to improper parsing of certain values in the statusrequest extension. A remote attacker can exploit this vulnerability by sending a crafted Client Hello to the target server...
CVE-2017-7507
CVE-2017-7507 affects GnuTLS 3.5.12 and earlier, which are vulnerable to a NULL pointer dereference when decoding a status_request extension in ClientHello, potentially crashing the server. Several connected advisories confirm the issue and provide remediation: upgrade to GnuTLS 3.5.13 or newer (...
CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...
[SECURITY] [DSA 3884-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3884-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq -...
Ubuntu 14.04 LTS / 16.04 LTS : GnuTLS vulnerabilities (USN-3318-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3318-1 advisory. Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this...
USN-3318-1: GnuTLS vulnerabilities
Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. CVE-2017-7507 I...